openldap ber_init will assert if the bv->bv_val is NULL

Have to ensure that all usage of ber_init in the server checks to see if
the bv->bv_val is non-NULL before using ber_init, and return the appropriate
error if it is NULL
Also fixed a problem in dna_extend_exop - would not send the ldap result to
the client in certain error conditions
Reviewed by: nhosoi (Thanks!)
Tested on: RHEL5 x86_64

ldap/servers/plugins/acl/aclproxy.c

@@ -98,6 +98,10 @@ parse_LDAPProxyAuth(struct berval *spec_ber, int version, char **errtextp,
 		break;
 	}
 
+	if ( !spec_ber || !spec_ber->bv_val ) {
+		break;
+	}
+
 	/* create_LDAPProxyAuth */
     spec = (LDAPProxyAuth*)slapi_ch_calloc(1,sizeof (LDAPProxyAuth));
 	if (!spec) {

ldap/servers/plugins/chainingdb/cb_controls.c

@@ -221,7 +221,8 @@ int cb_update_controls( Slapi_PBlock * pb,
             dCount++;
 
         } else
-            if (!strcmp(reqControls[cCount]->ldctl_oid,CB_LDAP_CONTROL_CHAIN_SERVER)) {
+            if (!strcmp(reqControls[cCount]->ldctl_oid,CB_LDAP_CONTROL_CHAIN_SERVER) &&
+                reqControls[cCount]->ldctl_value.bv_val) {
 
             /* Max hop count reached ?                 */
             /* Checked earlier by a call to cb_forward_operation()  */

ldap/servers/plugins/chainingdb/cb_utils.c

@@ -147,7 +147,8 @@ int cb_forward_operation(Slapi_PBlock * pb ) {
 		struct berval   *ctl_value=NULL;
 		int iscritical=0;
 
-		if (slapi_control_present(ctrls,CB_LDAP_CONTROL_CHAIN_SERVER,&ctl_value,&iscritical)) {
+		if (slapi_control_present(ctrls,CB_LDAP_CONTROL_CHAIN_SERVER,&ctl_value,&iscritical) &&
+			ctl_value && ctl_value->bv_val) {
 
 			/* Decode control data 			*/
 			/* hop           INTEGER (0 .. maxInt) 	*/

ldap/servers/plugins/deref/deref.c

@@ -380,6 +380,12 @@ deref_parse_ctrl_value(DerefSpecList *speclist, const struct berval *ctrlbv, int
 
     PR_ASSERT(ctrlbv && ctrlbv->bv_val && ctrlbv->bv_len && ldapcode && ldaperrtext);
 
+    if (!ctrlbv || !ctrlbv->bv_val) {
+        *ldapcode = LDAP_PROTOCOL_ERROR;
+        *ldaperrtext = "Empty deref control value";
+        return;
+    }
+
     ber = ber_init((struct berval *)ctrlbv);
 	for (tag = ber_first_element(ber, &len, &last);
          (tag != LBER_ERROR) && (tag != LBER_END_OF_SEQORSET);

ldap/servers/plugins/dna/dna.c

@@ -1602,7 +1602,7 @@ static int dna_request_range(struct configEntry *config_entry,
     }
 
     /* Parse response */
-    if (responsedata) {
+    if (responsedata && responsedata->bv_val) {
         respber = ber_init(responsedata);
         if (ber_scanf(respber, "{aa}", &lower_str, &upper_str) == LBER_ERROR) {
             ret = LDAP_PROTOCOL_ERROR;
@@ -3123,7 +3123,7 @@ static int dna_config_check_post_op(Slapi_PBlock * pb)
  ***************************************************/
 static int dna_extend_exop(Slapi_PBlock *pb)
 {
-    int ret = -1;
+    int ret = SLAPI_PLUGIN_EXTENDED_NOT_HANDLED;
     struct berval *reqdata = NULL;
     BerElement *tmp_bere = NULL;
     char *shared_dn = NULL;
@@ -3152,20 +3152,19 @@ static int dna_extend_exop(Slapi_PBlock *pb)
 
     /* Fetch the request data */
     slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_VALUE, &reqdata);
-    if (!reqdata) {
+    if (!reqdata || !reqdata->bv_val) {
         slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
                         "dna_extend_exop: No request data received.\n");
         goto free_and_return;
     }
 
     /* decode the exop */
-    if ((tmp_bere = ber_init(reqdata)) == NULL) {
-        ret = -1;
+    if ((reqdata->bv_val == NULL) || (tmp_bere = ber_init(reqdata)) == NULL) {
         goto free_and_return;
     }
 
     if (ber_scanf(tmp_bere, "{a}", &shared_dn) == LBER_ERROR) {
-        ret = -1;
+        ret = LDAP_PROTOCOL_ERROR;
         goto free_and_return;
     }
 

ldap/servers/plugins/replication/repl5_total.c

@@ -729,7 +729,7 @@ decode_total_update_extop(Slapi_PBlock *pb, Slapi_Entry **ep)
 	if (NULL == extop_oid ||
 		((strcmp(extop_oid, REPL_NSDS50_REPLICATION_ENTRY_REQUEST_OID) != 0) && 
 		(strcmp(extop_oid, REPL_NSDS71_REPLICATION_ENTRY_REQUEST_OID) != 0)) ||
-		NULL == extop_value)
+		NULL == extop_value || NULL == extop_value->bv_val)
 	{
 		/* Bogus */
 		goto loser;

ldap/servers/plugins/replication/repl_controls.c

@@ -216,7 +216,7 @@ decode_NSDS50ReplUpdateInfoControl(LDAPControl **controlsp,
 	if (slapi_control_present(controlsp, REPL_NSDS50_UPDATE_INFO_CONTROL_OID,
 	    &ctl_value, &iscritical))
 	{
-		if ((tmp_bere = ber_init(ctl_value)) == NULL)
+		if ((ctl_value->bv_val == NULL) || (tmp_bere = ber_init(ctl_value)) == NULL)
 		{
 			rc = -1;
 			goto loser;

ldap/servers/plugins/replication/repl_extop.c

@@ -342,7 +342,7 @@ decode_startrepl_extop(Slapi_PBlock *pb, char **protocol_oid, char **repl_root,
 	if (NULL == extop_oid ||
 		((strcmp(extop_oid, REPL_START_NSDS50_REPLICATION_REQUEST_OID) != 0) &&
 		(strcmp(extop_oid, REPL_START_NSDS90_REPLICATION_REQUEST_OID) != 0)) ||
-		NULL == extop_value)
+		NULL == extop_value || NULL == extop_value->bv_val)
 	{
 		/* bogus */
 		rc = -1;
@@ -478,7 +478,7 @@ decode_endrepl_extop(Slapi_PBlock *pb, char **repl_root)
 
 	if (NULL == extop_oid ||
 		strcmp(extop_oid, REPL_END_NSDS50_REPLICATION_REQUEST_OID) != 0 ||
-		NULL == extop_value)
+		NULL == extop_value || NULL == extop_value->bv_val)
 	{
 		/* bogus */
 		rc = -1;
@@ -542,7 +542,7 @@ decode_repl_ext_response(struct berval *bvdata, int *response_code,
 	PR_ASSERT(NULL != ruv_bervals);
 
 	if (NULL == bvdata || NULL == response_code || NULL == ruv_bervals ||
-		NULL == data_guid || NULL == data)
+		NULL == data_guid || NULL == data || NULL == bvdata->bv_val)
 	{
 		return_value = -1;
 	}

ldap/servers/plugins/replication/windows_private.c

@@ -609,6 +609,12 @@ void windows_private_update_dirsync_control(const Repl_Agmt *ra,LDAPControl **co
 		{
 #ifdef FOR_DEBUGGING
 			return_value = LDAP_CONTROL_NOT_FOUND;
+#endif
+			goto choke;
+		}
+		else if (!controls[i-1]->ldctl_value.bv_val) {
+#ifdef FOR_DEBUGGING
+			return_value = LDAP_CONTROL_NOT_FOUND;
 #endif
 			goto choke;
 		}

ldap/servers/slapd/back-ldbm/sort.c

@@ -299,6 +299,10 @@ int parse_sort_spec(struct berval *sort_spec_ber, sort_spec **ps)
 	char *matchrule = NULL;
 	int rc = LDAP_SUCCESS;
 
+	if (NULL == sort_spec_ber->bv_val) {
+		return LDAP_PROTOCOL_ERROR;
+	}
+
 	ber = ber_init(sort_spec_ber);
     if(ber==NULL)
     {

ldap/servers/slapd/back-ldbm/vlv.c

@@ -1846,6 +1846,12 @@ vlv_parse_request_control( backend *be, struct berval *vlv_spec_ber,struct vlv_r
     vlvp->value.bv_len = 0;
     vlvp->value.bv_val = NULL;
 
+    if (NULL == vlv_spec_ber->bv_val)
+    {
+        return_value= LDAP_OPERATIONS_ERROR;
+        return return_value;
+    }
+
     ber = ber_init(vlv_spec_ber);
     if (ber_scanf(ber, "{ii", &vlvp->beforeCount, &vlvp->afterCount) == LBER_ERROR)
     {

ldap/servers/slapd/passwd_extop.c

@@ -527,6 +527,16 @@ passwd_modify_extop( Slapi_PBlock *pb )
 
 	/* Get the ber value of the extended operation */
 	slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_VALUE, &extop_value);
+
+	if (extop_value->bv_val == NULL)
+	{
+		/* The request field wasn't provided.  We'll
+		 * now try to determine the userid and verify
+		 * knowledge of the old password via other
+		 * means.
+		 */
+		goto parse_req_done;
+	}
 	
 	if ((ber = ber_init(extop_value)) == NULL)
 	{