Home Explore Help
Register Sign In
Apq
/
389-ds-base
mirror of https://github.com/389ds/389-ds-base.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Bug 661792 - Valid managed entry config rejected

The attribute mapping parsing code in the managed entries plug-in
can access the wrong memory when trying to parse the post-macro
portion of a mapping value when no post string exists.  When the
macro is at the end of the mapping value, we were setting post_str
to an empty constant string.  The code that later parses post_str
expects post_str to be contained within the actual mapping value
string.  This is not the case when we have set post_str to point
to a constant emptry string, so we end up parsing through memory
that we shouldn't.

The fix is to set post_str to NULL when there is no post string.
We can then skip post string parsing when post_str is not set.
Nathan Kinder 15 years ago
parent
f5dc7260fb
commit
3b68aa6f5e
1 changed files with 4 additions and 5 deletions
Split View Show Diff Stats
  1. 4 5
      ldap/servers/plugins/mep/mep.c

+ 4 - 5
ldap/servers/plugins/mep/mep.c
View File 

@@ -1387,9 +1387,8 @@ mep_parse_mapped_attr(char *mapping, Slapi_Entry *origin,
 
                      * to be a part of the map type. */
 
                     if (IS_ATTRDESC_CHAR(*p)) {
 
                         map_type = strndup(var_start, p - var_start + 1);
 
-                        /* There is no post string, so
 
-                         * set it to be empty. */
 
-                        post_str = "";
 
+                        /* There is no post string. */
 
+                        post_str = NULL;
 
                     } else {
 
                         map_type = strndup(var_start, p - var_start);
 
                         post_str = p;
 
@@ -1409,7 +1408,7 @@ mep_parse_mapped_attr(char *mapping, Slapi_Entry *origin,
 
                 }
 
 
                 /* Process the post string to remove any escapes. */
 
-                for (p = post_str; p <= end; p++) {
 
+                for (p = post_str; p && (p <= end); p++) {
 
                     if (*p == '$') {
 
                         if ((p == end) || (*(p+1) != '$')) {
 
                             slapi_log_error( SLAPI_LOG_FATAL, MEP_PLUGIN_SUBSYSTEM,
 
@@ -1449,7 +1448,7 @@ mep_parse_mapped_attr(char *mapping, Slapi_Entry *origin,
 
             if (map_val) {
 
                 /* Create the new mapped value. */
 
                 *value = slapi_ch_smprintf("%s%s%s", pre_str,
 
-                                           map_val, post_str);
 
+                                           map_val, post_str ? post_str : "");
 
                 if (freeit) {
 
                     slapi_ch_free_string(&map_val);
 
                 }