From 6b0fb09e0d037fae391bbc35701fe1c936478b62 Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Wed, 20 Mar 2002 13:11:37 +0000 Subject: [PATCH] Fix ITS#1607, longstanding bug in group and dnattr acls, gave access to anonymous connections. --- servers/slapd/acl.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c index 5182380843..c9051f854f 100644 --- a/servers/slapd/acl.c +++ b/servers/slapd/acl.c @@ -768,7 +768,7 @@ acl_mask( } } - if ( b->a_dn_at != NULL && op->o_ndn.bv_len != 0 ) { + if ( b->a_dn_at != NULL ) { Attribute *at; struct berval bv; int rc, match = 0; @@ -777,6 +777,10 @@ acl_mask( assert( attr != NULL ); + if ( op->o_ndn.bv_len == 0 ) { + continue; + } + #ifdef NEW_LOGGING LDAP_LOG(( "acl", LDAP_LEVEL_DETAIL1, "acl_mask: conn %d check a_dn_pat: %s\n", @@ -843,12 +847,16 @@ acl_mask( } } - if ( b->a_group_pat.bv_len && op->o_ndn.bv_len ) { + if ( b->a_group_pat.bv_len ) { char buf[1024]; struct berval bv; struct berval ndn = { 0, NULL }; int rc; + if ( op->o_ndn.bv_len == 0 ) { + continue; + } + bv.bv_len = sizeof(buf) - 1; bv.bv_val = buf; -- 2.39.5