From 5cab6b77e4080d55185beba322303633d2766033 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Fri, 7 Feb 2014 03:02:33 -0800
Subject: [PATCH] ITS#7798 fix mdb_entry_decode()

---
 servers/slapd/back-mdb/id2entry.c  | 18 +++++++++++++++---
 servers/slapd/back-mdb/proto-mdb.h |  2 +-
 servers/slapd/back-mdb/search.c    |  2 +-
 servers/slapd/back-mdb/tools.c     |  2 +-
 4 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/servers/slapd/back-mdb/id2entry.c b/servers/slapd/back-mdb/id2entry.c
index 7b423bf4f5..77a25a6daa 100644
--- a/servers/slapd/back-mdb/id2entry.c
+++ b/servers/slapd/back-mdb/id2entry.c
@@ -188,7 +188,7 @@ int mdb_id2entry(
 		rc = MDB_NOTFOUND;
 	if ( rc ) return rc;
 
-	rc = mdb_entry_decode( op, &data, e );
+	rc = mdb_entry_decode( op, mdb_cursor_txn( mc ), &data, e );
 	if ( rc ) return rc;
 
 	(*e)->e_id = id;
@@ -638,7 +638,7 @@ static int mdb_entry_encode(Operation *op, Entry *e, MDB_val *data, Ecount *eh)
  * structure. Attempting to do so will likely corrupt memory.
  */
 
-int mdb_entry_decode(Operation *op, MDB_val *data, Entry **e)
+int mdb_entry_decode(Operation *op, MDB_txn *txn, MDB_val *data, Entry **e)
 {
 	struct mdb_info *mdb = (struct mdb_info *) op->o_bd->be_private;
 	int i, j, nattrs, nvals;
@@ -669,7 +669,19 @@ int mdb_entry_decode(Operation *op, MDB_val *data, Entry **e)
 
 	for (;nattrs>0; nattrs--) {
 		int have_nval = 0;
-		a->a_desc = mdb->mi_ads[*lp++];
+		i = *lp++;
+		if (i > mdb->mi_numads) {
+			rc = mdb_ad_read(mdb, txn);
+			if (rc)
+				return rc;
+			if (i > mdb->mi_numads) {
+				Debug( LDAP_DEBUG_ANY,
+					"mdb_entry_decode: attribute index %d not recognized\n",
+					i, 0, 0 );
+				return LDAP_OTHER;
+			}
+		}
+		a->a_desc = mdb->mi_ads[i];
 		a->a_flags = SLAP_ATTR_DONT_FREE_DATA | SLAP_ATTR_DONT_FREE_VALS;
 		a->a_numvals = *lp++;
 		if (a->a_numvals & HIGH_BIT) {
diff --git a/servers/slapd/back-mdb/proto-mdb.h b/servers/slapd/back-mdb/proto-mdb.h
index c5242a82a3..3671425dbf 100644
--- a/servers/slapd/back-mdb/proto-mdb.h
+++ b/servers/slapd/back-mdb/proto-mdb.h
@@ -193,7 +193,7 @@ int mdb_entry_return( Operation *op, Entry *e );
 BI_entry_release_rw mdb_entry_release;
 BI_entry_get_rw mdb_entry_get;
 
-int mdb_entry_decode( Operation *op, MDB_val *data, Entry **e );
+int mdb_entry_decode( Operation *op, MDB_txn *txn, MDB_val *data, Entry **e );
 
 void mdb_reader_flush( MDB_env *env );
 int mdb_opinfo_get( Operation *op, struct mdb_info *mdb, int rdonly, mdb_op_info **moi );
diff --git a/servers/slapd/back-mdb/search.c b/servers/slapd/back-mdb/search.c
index 4cac2b30df..fd48762529 100644
--- a/servers/slapd/back-mdb/search.c
+++ b/servers/slapd/back-mdb/search.c
@@ -806,7 +806,7 @@ notfound:
 				goto done;
 			}
 
-			rs->sr_err = mdb_entry_decode( op, &edata, &e );
+			rs->sr_err = mdb_entry_decode( op, ltid, &edata, &e );
 			if ( rs->sr_err ) {
 				rs->sr_err = LDAP_OTHER;
 				rs->sr_text = "internal error in mdb_entry_decode";
diff --git a/servers/slapd/back-mdb/tools.c b/servers/slapd/back-mdb/tools.c
index 5b5f505ca4..0839d56784 100644
--- a/servers/slapd/back-mdb/tools.c
+++ b/servers/slapd/back-mdb/tools.c
@@ -396,7 +396,7 @@ mdb_tool_entry_get_int( BackendDB *be, ID id, Entry **ep )
 			}
 		}
 	}
-	rc = mdb_entry_decode( &op, &data, &e );
+	rc = mdb_entry_decode( &op, txn, &data, &e );
 	e->e_id = id;
 	if ( !BER_BVISNULL( &dn )) {
 		e->e_name = dn;
-- 
2.39.5