From cd74b62fd2a4f755bb51b5c7bf550c78b09709c4 Mon Sep 17 00:00:00 2001
From: Pierangelo Masarati <ando@openldap.org>
Date: Thu, 5 Jul 2001 08:40:40 +0000
Subject: [PATCH] rdn check to prevent illegal rdns in modrdn (copied from
 dn_rdn) fixes ITS#1102

---
 servers/slapd/back-ldbm/modrdn.c |  2 +-
 servers/slapd/dn.c               | 51 ++++++++++++++++++++++++++++++--
 2 files changed, 49 insertions(+), 4 deletions(-)

diff --git a/servers/slapd/back-ldbm/modrdn.c b/servers/slapd/back-ldbm/modrdn.c
index ed804339ad..19b0da05a2 100644
--- a/servers/slapd/back-ldbm/modrdn.c
+++ b/servers/slapd/back-ldbm/modrdn.c
@@ -479,7 +479,7 @@ ldbm_back_modrdn(
 	    /* Not a big deal but we may say something */
 #ifdef NEW_LOGGING
 	    LDAP_LOG(( "backend", LDAP_LEVEL_INFO,
-		       "ldbm_back_modrdn: old_rdn_type=%s new_rdn_type-%s\n",
+		       "ldbm_back_modrdn: old_rdn_type=%s new_rdn_type=%s\n",
 		       old_rdn_type, new_rdn_type ));
 #else
 	    Debug( LDAP_DEBUG_TRACE,
diff --git a/servers/slapd/dn.c b/servers/slapd/dn.c
index 08cda568fa..1cf7b42c53 100644
--- a/servers/slapd/dn.c
+++ b/servers/slapd/dn.c
@@ -486,10 +486,55 @@ rdn_attr_value( const char * rdn )
 }
 
 
-int rdn_validate( const char * rdn )
+/* rdn_validate:
+ * 
+ * 1 if rdn is a legal rdn; 
+ * 0 otherwise (including a sequence of rdns)
+ */
+int
+rdn_validate( const char * rdn )
 {
-	/* just a simple check for now */
-	return strchr( rdn, '=' ) != NULL;
+	int	inquote;
+
+	if ( rdn == NULL ) {
+		return( 0 );
+	}
+
+	if ( strchr( rdn, '=' ) == NULL ) {
+		return( 0 );
+	}
+
+	while ( *rdn && ASCII_SPACE( *rdn ) ) {
+		rdn++;
+	}
+
+	if( *rdn == '\0' ) {
+		return( 0 );
+	}
+
+	inquote = 0;
+
+	for ( ; *rdn; rdn++ ) {
+		if ( *rdn == '\\' ) {
+			if ( *(rdn + 1) ) {
+				rdn++;
+			}
+			continue;
+		}
+		if ( inquote ) {
+			if ( *rdn == '"' ) {
+				inquote = 0;
+			}
+		} else {
+			if ( *rdn == '"' ) {
+				inquote = 1;
+			} else if ( DN_SEPARATOR( *rdn ) ) {
+				return( 0 );
+			}
+		}
+	}
+
+	return( 1 );
 }
 
 
-- 
2.39.5