Ticket #48822 - (389-ds-base-1.3.5) Fixing coverity issues.

Description: Buffer Overflow
BAD_SIZEOF -- slapd/ssl.c:3021: bad_sizeof: Taking the size of "randomPassword",
which is the address of an object, is suspicious.  Removed unnecessary cast.

SIZEOF_MISMATCH -- slapd/mapping_tree.c:2229: suspicious_sizeof: Passing
argument "errorbuf" of type "char *" and argument "8U /* sizeof (errorbuf) */"
to function "PL_strncpyz" is suspicious.

A pointer of an array is passed to a function, in which it tried to get the the
array size with sizeof, which does not work.  Changed the API to pass the size
of the array.

https://fedorahosted.org/389/ticket/48822

Reviewed by [email protected] (Thank you, William!!)

ldap/servers/plugins/retrocl/retrocl.c

@@ -203,7 +203,7 @@ static int retrocl_select_backend(void)
     
     slapi_pblock_set(pb,SLAPI_OPERATION, op);
 
-    err = slapi_mapping_tree_select(pb,&be,&referral,errbuf);
+    err = slapi_mapping_tree_select(pb, &be, &referral, errbuf, sizeof(errbuf));
     slapi_entry_free(referral);
 
     if (err != LDAP_SUCCESS || be == NULL || be == defbackend_get_backend()) {

ldap/servers/slapd/add.c

@@ -152,7 +152,7 @@ do_add( Slapi_PBlock *pb )
 		if ( !normtype || !*normtype ) {
 			char ebuf[SLAPI_DSE_RETURNTEXT_SIZE];
 			rc = LDAP_INVALID_SYNTAX;
-			slapi_create_errormsg(ebuf, 0, "invalid type '%s'", type);
+			slapi_create_errormsg(ebuf, sizeof(ebuf), "invalid type '%s'", type);
 			op_shared_log_error_access (pb, "ADD", slapi_sdn_get_dn (slapi_entry_get_sdn_const(e)), ebuf);
 			send_ldap_result( pb, rc, NULL, ebuf, 0, NULL );
             slapi_ch_free_string(&type);
@@ -487,7 +487,7 @@ static void op_shared_add (Slapi_PBlock *pb)
 	 * We could be serving multiple database backends.  Select the
 	 * appropriate one.
 	 */
-	if ((err = slapi_mapping_tree_select(pb, &be, &referral, errorbuf)) != LDAP_SUCCESS) {
+	if ((err = slapi_mapping_tree_select(pb, &be, &referral, errorbuf, sizeof(errorbuf))) != LDAP_SUCCESS) {
 		send_ldap_result(pb, err, NULL, errorbuf, 0, NULL);
 		be = NULL;
 		goto done;

ldap/servers/slapd/attr.c

@@ -938,7 +938,7 @@ int attr_replace(Slapi_Attr *a, Slapi_Value **vals)
 }
 
 int 
-attr_check_onoff ( const char *attr_name, char *value, long minval, long maxval, char *errorbuf )
+attr_check_onoff ( const char *attr_name, char *value, long minval, long maxval, char *errorbuf, size_t ebuflen )
 {
 	int retVal = LDAP_SUCCESS;
 
@@ -948,7 +948,7 @@ attr_check_onoff ( const char *attr_name, char *value, long minval, long maxval,
 	    strcasecmp ( value, "0" ) != 0 &&
 	    strcasecmp ( value, "true" ) != 0 &&
 	    strcasecmp ( value, "false" ) != 0 ) {
-		slapi_create_errormsg(errorbuf, 0, "%s: invalid value \"%s\".", attr_name, value);
+		slapi_create_errormsg(errorbuf, ebuflen, "%s: invalid value \"%s\".", attr_name, value);
 		retVal = LDAP_CONSTRAINT_VIOLATION;
 	}
 
@@ -956,7 +956,7 @@ attr_check_onoff ( const char *attr_name, char *value, long minval, long maxval,
 }
 
 int 
-attr_check_minmax ( const char *attr_name, char *value, long minval, long maxval, char *errorbuf )
+attr_check_minmax ( const char *attr_name, char *value, long minval, long maxval, char *errorbuf, size_t ebuflen )
 {
 	int retVal = LDAP_SUCCESS;
 	long val;
@@ -964,7 +964,7 @@ attr_check_minmax ( const char *attr_name, char *value, long minval, long maxval
 	val = strtol(value, NULL, 0);
 	if ( (minval != -1 ? (val < minval ? 1 : 0) : 0) ||
 		 (maxval != -1 ? (val > maxval ? 1 : 0) : 0) ) {
-		slapi_create_errormsg(errorbuf, 0, "%s: invalid value \"%s\".", attr_name, value);
+		slapi_create_errormsg(errorbuf, ebuflen, "%s: invalid value \"%s\".", attr_name, value);
 		retVal = LDAP_CONSTRAINT_VIOLATION;
 	}
 

ldap/servers/slapd/back-ldbm/ldbm_config.c

@@ -425,7 +425,7 @@ static int ldbm_config_dbcachesize_set(void *arg, void *value, char *errorbuf, i
         } else if (val > li->li_dbcachesize) {
             delta = val - li->li_dbcachesize;
             if (!util_is_cachesize_sane(&delta)){
-                slapi_create_errormsg(errorbuf, 0, "Error: dbcachememsize value is too large.");
+                slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: dbcachememsize value is too large.");
                 LDAPDebug0Args(LDAP_DEBUG_ANY,"Error: dbcachememsize value is too large.\n");
                 return LDAP_UNWILLING_TO_PERFORM;
             }
@@ -497,7 +497,7 @@ static int ldbm_config_dbncache_set(void *arg, void *value, char *errorbuf, int
         if (val > li->li_dbncache) {
             delta = val - li->li_dbncache;
             if (!util_is_cachesize_sane(&delta)){
-                slapi_create_errormsg(errorbuf, 0, "Error: dbncache size value is too large.");
+                slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: dbncache size value is too large.");
                 LDAPDebug1Arg(LDAP_DEBUG_ANY,"Error: dbncache size value is too large.\n", val);
                 return LDAP_UNWILLING_TO_PERFORM;
             }
@@ -780,7 +780,7 @@ static int ldbm_config_db_old_idl_maxids_set(void *arg, void *value, char *error
         if(val >= 0){
             li->li_old_idl_maxids = val;
         } else {
-            slapi_create_errormsg(errorbuf, 0,
+            slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
         	            "Error: Invalid value for %s (%d). Value must be equal or greater than zero.",
         	            CONFIG_DB_OLD_IDL_MAXIDS, val);
             return LDAP_UNWILLING_TO_PERFORM;
@@ -844,7 +844,7 @@ static int ldbm_config_db_trickle_percentage_set(void *arg, void *value, char *e
     int val = (int) ((uintptr_t)value);
     
     if (val < 0 || val > 100) {
-        slapi_create_errormsg(errorbuf, 0, "Error: Invalid value for %s (%d). Must be between 0 and 100\n",
+        slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: Invalid value for %s (%d). Must be between 0 and 100\n",
             CONFIG_DB_TRICKLE_PERCENTAGE, val);
         LDAPDebug2Args(LDAP_DEBUG_ANY, "Error: Invalid value for %s (%d). Must be between 0 and 100\n",
             CONFIG_DB_TRICKLE_PERCENTAGE, val);
@@ -1078,7 +1078,7 @@ static int ldbm_config_db_cache_set(void *arg, void *value, char *errorbuf, int
         if (val > li->li_dblayer_private->dblayer_cache_config) {
             delta = val - li->li_dblayer_private->dblayer_cache_config;
             if (!util_is_cachesize_sane(&delta)){
-                slapi_create_errormsg(errorbuf, 0, "Error: db cachesize value is too large");
+                slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: db cachesize value is too large");
                 LDAPDebug1Arg(LDAP_DEBUG_ANY,"Error: db cachesize value is too large.\n", val);
                 return LDAP_UNWILLING_TO_PERFORM;
             }
@@ -1209,7 +1209,7 @@ static int ldbm_config_import_cachesize_set(void *arg, void *value, char *errorb
         if (val > li->li_import_cachesize) {
             delta = val - li->li_import_cachesize;
             if (!util_is_cachesize_sane(&delta)){
-                slapi_create_errormsg(errorbuf, 0, "Error: import cachesize value is too large.");
+                slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: import cachesize value is too large.");
                 LDAPDebug0Args(LDAP_DEBUG_ANY,"Error: import cachesize value is too large.\n");
                 return LDAP_UNWILLING_TO_PERFORM;
             }
@@ -1471,7 +1471,7 @@ static int ldbm_config_db_deadlock_policy_set(void *arg, void *value, char *erro
     u_int32_t val = (u_int32_t) ((uintptr_t)value);
 
     if (val > DB_LOCK_YOUNGEST) {
-	    slapi_create_errormsg(errorbuf, 0,
+	    slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
 	                "Error: Invalid value for %s (%d). Must be between %d and %d inclusive",
 	                CONFIG_DB_DEADLOCK_POLICY, val, DB_LOCK_DEFAULT, DB_LOCK_YOUNGEST);
 	    LDAPDebug(LDAP_DEBUG_ANY, "Error: Invalid value for deadlock policy (%d). Must be between %d and %d inclusive",
@@ -1479,7 +1479,7 @@ static int ldbm_config_db_deadlock_policy_set(void *arg, void *value, char *erro
 	    return LDAP_UNWILLING_TO_PERFORM;
     }
     if (val == DB_LOCK_NORUN) {
-	    slapi_create_errormsg(errorbuf, 0,
+	    slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
 	                "Warning: Setting value for %s to (%d) will disable deadlock detection",
 	                CONFIG_DB_DEADLOCK_POLICY, val);
 	    LDAPDebug2Args(LDAP_DEBUG_ANY, "Warning: Setting value for %s to (%d) will disable deadlock detection",
@@ -1902,7 +1902,7 @@ int ldbm_config_set(void *arg, char *attr_name, config_info *config_array, struc
     config = get_config_info(config_array, attr_name);
     if (NULL == config) {
         LDAPDebug(LDAP_DEBUG_CONFIG, "Unknown config attribute %s\n", attr_name, 0, 0);
-        slapi_create_errormsg(err_buf, 0, "Unknown config attribute %s\n", attr_name);
+        slapi_create_errormsg(err_buf, SLAPI_DSE_RETURNTEXT_SIZE, "Unknown config attribute %s\n", attr_name);
         return LDAP_SUCCESS; /* Ignore unknown attributes */
     }
 
@@ -1910,7 +1910,7 @@ int ldbm_config_set(void *arg, char *attr_name, config_info *config_array, struc
     if (phase == CONFIG_PHASE_RUNNING && 
         !(config->config_flags & CONFIG_FLAG_ALLOW_RUNNING_CHANGE)) {
         LDAPDebug1Arg(LDAP_DEBUG_ANY, "%s can't be modified while the server is running.\n", attr_name);
-        slapi_create_errormsg(err_buf, 0, "%s can't be modified while the server is running.\n", attr_name);
+        slapi_create_errormsg(err_buf, SLAPI_DSE_RETURNTEXT_SIZE, "%s can't be modified while the server is running.\n", attr_name);
         return LDAP_UNWILLING_TO_PERFORM;
     }
     
@@ -1928,7 +1928,7 @@ int ldbm_config_set(void *arg, char *attr_name, config_info *config_array, struc
            previously set to a non-default value */
         if (SLAPI_IS_MOD_ADD(mod_op) && apply_mod &&
             (config->config_flags & CONFIG_FLAG_PREVIOUSLY_SET)) {
-            slapi_create_errormsg(err_buf, 0, "cannot add a value to single valued attribute %s.\n", attr_name);
+            slapi_create_errormsg(err_buf, SLAPI_DSE_RETURNTEXT_SIZE, "cannot add a value to single valued attribute %s.\n", attr_name);
             return LDAP_OBJECT_CLASS_VIOLATION;
         }
     }
@@ -1939,7 +1939,7 @@ int ldbm_config_set(void *arg, char *attr_name, config_info *config_array, struc
         char buf[BUFSIZ];
         ldbm_config_get(arg, config, buf);
         if (PL_strncmp(buf, bval->bv_val, bval->bv_len)) {
-            slapi_create_errormsg(err_buf, 0,
+            slapi_create_errormsg(err_buf, SLAPI_DSE_RETURNTEXT_SIZE,
                 "value [%s] for attribute %s does not match existing value [%s].\n", bval->bv_val, attr_name, buf);
             return LDAP_NO_SUCH_ATTRIBUTE;
         }
@@ -1956,19 +1956,19 @@ int ldbm_config_set(void *arg, char *attr_name, config_info *config_array, struc
         llval = db_atoi(str_val, &err);
         /* check for parsing error (e.g. not a number) */
         if (err) {
-            slapi_create_errormsg(err_buf, 0, "Error: value %s for attr %s is not a number\n", str_val, attr_name);
+            slapi_create_errormsg(err_buf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: value %s for attr %s is not a number\n", str_val, attr_name);
             LDAPDebug2Args(LDAP_DEBUG_ANY, "Error: value %s for attr %s is not a number\n", str_val, attr_name);
             return LDAP_UNWILLING_TO_PERFORM;
         /* check for overflow */
         } else if (LL_CMP(llval, >, llmaxint)) {
-            slapi_create_errormsg(err_buf, 0, "Error: value %s for attr %s is greater than the maximum %d\n",
+            slapi_create_errormsg(err_buf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: value %s for attr %s is greater than the maximum %d\n",
                     str_val, attr_name, maxint);
             LDAPDebug(LDAP_DEBUG_ANY, "Error: value %s for attr %s is greater than the maximum %d\n",
                     str_val, attr_name, maxint);
             return LDAP_UNWILLING_TO_PERFORM;
         /* check for underflow */
         } else if (LL_CMP(llval, <, llminint)) {
-            slapi_create_errormsg(err_buf, 0, "Error: value %s for attr %s is less than the minimum %d\n",
+            slapi_create_errormsg(err_buf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: value %s for attr %s is less than the minimum %d\n",
                     str_val, attr_name, minint);
             LDAPDebug(LDAP_DEBUG_ANY, "Error: value %s for attr %s is less than the minimum %d\n",
                     str_val, attr_name, minint);
@@ -1996,21 +1996,21 @@ int ldbm_config_set(void *arg, char *attr_name, config_info *config_array, struc
         llval = db_atoi(str_val, &err);
         /* check for parsing error (e.g. not a number) */
         if (err) {
-            slapi_create_errormsg(err_buf, 0, "Error: value %s for attr %s is not a number\n",
+            slapi_create_errormsg(err_buf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: value %s for attr %s is not a number\n",
                     str_val, attr_name);
             LDAPDebug2Args(LDAP_DEBUG_ANY, "Error: value %s for attr %s is not a number\n",
                     str_val, attr_name);
             return LDAP_UNWILLING_TO_PERFORM;
         /* check for overflow */
         } else if (LL_CMP(llval, >, llmaxint)) {
-            slapi_create_errormsg(err_buf, 0, "Error: value %s for attr %s is greater than the maximum %d\n",
+            slapi_create_errormsg(err_buf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: value %s for attr %s is greater than the maximum %d\n",
                     str_val, attr_name, maxint);
             LDAPDebug(LDAP_DEBUG_ANY, "Error: value %s for attr %s is greater than the maximum %d\n",
                     str_val, attr_name, maxint);
             return LDAP_UNWILLING_TO_PERFORM;
         /* check for underflow */
         } else if (LL_CMP(llval, <, llminint)) {
-            slapi_create_errormsg(err_buf, 0, "Error: value %s for attr %s is less than the minimum %d\n",
+            slapi_create_errormsg(err_buf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: value %s for attr %s is less than the minimum %d\n",
                     str_val, attr_name, minint);
             LDAPDebug(LDAP_DEBUG_ANY, "Error: value %s for attr %s is less than the minimum %d\n",
                     str_val, attr_name, minint);
@@ -2032,14 +2032,14 @@ int ldbm_config_set(void *arg, char *attr_name, config_info *config_array, struc
 
         /* check for parsing error (e.g. not a number) */
         if (err == EINVAL) {
-            slapi_create_errormsg(err_buf, 0, "Error: value %s for attr %s is not a number\n",
+            slapi_create_errormsg(err_buf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: value %s for attr %s is not a number\n",
                     str_val, attr_name);
             LDAPDebug2Args(LDAP_DEBUG_ANY, "Error: value %s for attr %s is not a number\n",
                     str_val, attr_name);
             return LDAP_UNWILLING_TO_PERFORM;
             /* check for overflow */
         } else if (err == ERANGE) {
-            slapi_create_errormsg(err_buf, 0, "Error: value %s for attr %s is outside the range of representable values\n",
+            slapi_create_errormsg(err_buf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: value %s for attr %s is outside the range of representable values\n",
                     str_val, attr_name);
             LDAPDebug2Args(LDAP_DEBUG_ANY, "Error: value %s for attr %s is outside the range of representable values\n",
                     str_val, attr_name);

ldap/servers/slapd/back-ldbm/ldbm_index_config.c

@@ -146,7 +146,7 @@ ldbm_instance_index_config_delete_callback(Slapi_PBlock *pb, Slapi_Entry* e, Sla
   if ((slapi_counter_get_value(inst->inst_ref_count) > 0) ||
       /* check if the backend is ON or not. 
        * If offline or being deleted, non SUCCESS is returned. */
-      (slapi_mapping_tree_select(pb, &be, NULL, returntext) != LDAP_SUCCESS)) {
+      (slapi_mapping_tree_select(pb, &be, NULL, returntext, SLAPI_DSE_RETURNTEXT_SIZE) != LDAP_SUCCESS)) {
     *returncode = LDAP_UNAVAILABLE;
     rc = SLAPI_DSE_CALLBACK_ERROR;
     goto bail;

ldap/servers/slapd/back-ldbm/ldbm_instance_config.c

@@ -109,7 +109,7 @@ ldbm_instance_config_cachememsize_set(void *arg, void *value, char *errorbuf, in
         if (val > inst->inst_cache.c_maxsize) {
             delta = val - inst->inst_cache.c_maxsize;
             if (!util_is_cachesize_sane(&delta)){
-                slapi_create_errormsg(errorbuf, 0, "Error: cachememsize value is too large.");
+                slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: cachememsize value is too large.");
                 LDAPDebug0Args(LDAP_DEBUG_ANY, "Error: cachememsize value is too large.\n");
                 return LDAP_UNWILLING_TO_PERFORM;
             }
@@ -151,7 +151,7 @@ ldbm_instance_config_dncachememsize_set(void *arg, void *value, char *errorbuf,
         if (val > inst->inst_dncache.c_maxsize) {
             delta = val - inst->inst_dncache.c_maxsize;
             if (!util_is_cachesize_sane(&delta)){
-                slapi_create_errormsg(errorbuf, 0, "Error: dncachememsize value is too large.");
+                slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: dncachememsize value is too large.");
                 LDAPDebug0Args(LDAP_DEBUG_ANY,"Error: dncachememsize value is too large.\n");
                 return LDAP_UNWILLING_TO_PERFORM;
             }

ldap/servers/slapd/bind.c

@@ -655,7 +655,7 @@ do_bind( Slapi_PBlock *pb )
     }
 
     /* We could be serving multiple database backends.  Select the appropriate one */
-    if (slapi_mapping_tree_select(pb, &be, &referral, NULL) != LDAP_SUCCESS) {
+    if (slapi_mapping_tree_select(pb, &be, &referral, NULL, 0) != LDAP_SUCCESS) {
         send_nobackend_ldap_result( pb );
         be = NULL;
         goto free_and_return;
@@ -685,7 +685,7 @@ do_bind( Slapi_PBlock *pb )
             Slapi_DN *pb_sdn;
             slapi_pblock_get(pb, SLAPI_BIND_TARGET_SDN, &pb_sdn);
             if (!pb_sdn) {
-                slapi_create_errormsg(errorbuf, 0, "Pre-bind plug-in set NULL dn\n");
+                slapi_create_errormsg(errorbuf, sizeof(errorbuf), "Pre-bind plug-in set NULL dn\n");
                 send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, errorbuf, 0, NULL);
                 goto free_and_return;
             } else if ((pb_sdn != sdn) || (sdn_updated = slapi_sdn_compare(original_sdn, pb_sdn))) {
@@ -696,7 +696,7 @@ do_bind( Slapi_PBlock *pb )
                 sdn = pb_sdn;
                 dn = slapi_sdn_get_dn(sdn);
                 if (!dn) {
-                    slapi_create_errormsg(errorbuf, 0, "Pre-bind plug-in set corrupted dn\n");
+                    slapi_create_errormsg(errorbuf, sizeof(errorbuf), "Pre-bind plug-in set corrupted dn\n");
                     send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, errorbuf, 0, NULL);
                     goto free_and_return;
                 }
@@ -710,7 +710,7 @@ do_bind( Slapi_PBlock *pb )
                         slapi_be_Rlock(be);
                         slapi_pblock_set( pb, SLAPI_BACKEND, be );
                     } else {
-                        slapi_create_errormsg(errorbuf, 0, "No matching backend for %s\n", dn);
+                        slapi_create_errormsg(errorbuf, sizeof(errorbuf), "No matching backend for %s\n", dn);
                         send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, errorbuf, 0, NULL);
                         goto free_and_return;
                     }

ldap/servers/slapd/compare.c

@@ -119,7 +119,7 @@ do_compare( Slapi_PBlock *pb )
 	 * We could be serving multiple database backends.  Select the
 	 * appropriate one.
 	 */
-	if ((err = slapi_mapping_tree_select(pb, &be, &referral, errorbuf)) != LDAP_SUCCESS) {
+	if ((err = slapi_mapping_tree_select(pb, &be, &referral, errorbuf, sizeof(errorbuf))) != LDAP_SUCCESS) {
 		send_ldap_result(pb, err, NULL, errorbuf, 0, NULL);
 		be = NULL;
 		goto free_and_return;

ldap/servers/slapd/delete.c

@@ -290,7 +290,7 @@ static void op_shared_delete (Slapi_PBlock *pb)
 	 * We could be serving multiple database backends.  Select the
 	 * appropriate one.
 	 */
-	if ((err = slapi_mapping_tree_select(pb, &be, &referral, errorbuf)) != LDAP_SUCCESS) {
+	if ((err = slapi_mapping_tree_select(pb, &be, &referral, errorbuf, sizeof(errorbuf))) != LDAP_SUCCESS) {
 		send_ldap_result(pb, err, NULL, errorbuf, 0, NULL);
 		be = NULL;
 		goto free_and_return;

ldap/servers/slapd/libglobs.c

@@ -1814,7 +1814,7 @@ config_value_is_null( const char *attrname, const char *value, char *errorbuf,
 		int or_zero_length )
 {
 	if ( NULL == value || ( or_zero_length && *value == '\0' )) {
-		slapi_create_errormsg(errorbuf, 0, "%s: deleting the value is not allowed.", attrname);
+		slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: deleting the value is not allowed.", attrname);
 		return 1;
 	}
 
@@ -1869,7 +1869,7 @@ config_set_disk_threshold( const char *attrname, char *value, char *errorbuf, in
     errno = 0;
     threshold = strtoll(value, &endp, 10);
     if ( *endp != '\0' || threshold <= 4096 || errno == ERANGE ) {
-        slapi_create_errormsg(errorbuf, 0,
+        slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
                 "%s: \"%s\" is invalid, threshold must be greater than 4096 and less then %lld",
                 attrname, value, (long long int)LONG_MAX);
         retVal = LDAP_OPERATIONS_ERROR;
@@ -1910,7 +1910,7 @@ config_set_disk_grace_period( const char *attrname, char *value, char *errorbuf,
 
     period = strtol(value, &endp, 10);
     if ( *endp != '\0' || period < 1 || errno == ERANGE ) {
-        slapi_create_errormsg(errorbuf, 0, 
+        slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, 
                 "%s: \"%s\" is invalid, grace period must be at least 1 minute", attrname, value);
         retVal = LDAP_OPERATIONS_ERROR;
         return retVal;
@@ -1947,7 +1947,7 @@ config_set_ndn_cache_max_size(const char *attrname, char *value, char *errorbuf,
     size = strtol(value, &endp, 10);
     if ( *endp != '\0' || errno == ERANGE){
         retVal = LDAP_OPERATIONS_ERROR;
-        slapi_create_errormsg(errorbuf, 0, "(%s) value (%s) is invalid\n", attrname, value);
+        slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "(%s) value (%s) is invalid\n", attrname, value);
         return retVal;
     }
 
@@ -1955,7 +1955,7 @@ config_set_ndn_cache_max_size(const char *attrname, char *value, char *errorbuf,
         size = 0; /* same as -1 */
     }
     if(size > 0 && size < 1024000){
-        slapi_create_errormsg(errorbuf, 0, 
+        slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, 
                 "ndn_cache_max_size too low(%d), changing to %d bytes.\n",(int)size, NDN_DEFAULT_SIZE);
         size = NDN_DEFAULT_SIZE;
     }
@@ -1980,12 +1980,12 @@ config_set_sasl_maxbufsize(const char *attrname, char *value, char *errorbuf, in
     size = strtol(value, &endp, 10);
     if ( *endp != '\0' || errno == ERANGE){
         retVal = LDAP_OPERATIONS_ERROR;
-        slapi_create_errormsg(errorbuf, 0, "(%s) value (%s) is invalid\n", attrname, value);
+        slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "(%s) value (%s) is invalid\n", attrname, value);
         return retVal;
     }
 
     if(size < default_size){
-        slapi_create_errormsg(errorbuf, 0,
+        slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
                 "nsslapd-sasl-max-buffer-size is too low (%ld), setting to default value (%ld).\n",
                  size, default_size);
         size = default_size;
@@ -2025,7 +2025,7 @@ config_set_port( const char *attrname, char *port, char *errorbuf, int apply ) {
   nPort = strtol(port, &endp, 10);
   if ( *endp != '\0' || errno == ERANGE || nPort > LDAP_PORT_MAX || nPort < 0 ) {
 	retVal = LDAP_OPERATIONS_ERROR;
-	slapi_create_errormsg(errorbuf, 0,
+	slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
 	        "%s: \"%s\" is invalid, ports must range from 0 to %d", attrname, port, LDAP_PORT_MAX);
 	return retVal;
   }
@@ -2060,7 +2060,7 @@ config_set_secureport( const char *attrname, char *port, char *errorbuf, int app
   nPort = strtol(port, &endp, 10);
   if (*endp != '\0' || errno == ERANGE || nPort > LDAP_PORT_MAX || nPort <= 0 ) {
 	retVal = LDAP_OPERATIONS_ERROR;
-	slapi_create_errormsg(errorbuf, 0,
+	slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
 	        "%s: \"%s\" is invalid, ports must range from 1 to %d", attrname, port, LDAP_PORT_MAX);
   }
   
@@ -2089,7 +2089,7 @@ config_set_SSLclientAuth( const char *attrname, char *value, char *errorbuf, int
 			strcasecmp (value, "allowed") != 0 &&
 			strcasecmp (value, "required")!= 0 ) {
 	retVal = LDAP_OPERATIONS_ERROR;
-	slapi_create_errormsg(errorbuf, 0, "%s: unsupported value: %s", attrname, value);
+	slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: unsupported value: %s", attrname, value);
 	return retVal;
   }
   else if ( !apply ) {
@@ -2110,7 +2110,7 @@ config_set_SSLclientAuth( const char *attrname, char *value, char *errorbuf, int
   }
   else {
 	retVal = LDAP_OPERATIONS_ERROR;
-	slapi_create_errormsg(errorbuf, 0, "%s: unsupported value: %s", attrname, value);
+	slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: unsupported value: %s", attrname, value);
   }
 
   CFG_UNLOCK_WRITE(slapdFrontendConfig);
@@ -2190,7 +2190,7 @@ config_set_snmp_index(const char *attrname, char *value, char *errorbuf, int app
                 snmp_index = strtol(value, &endp, 10);
 
                 if (*endp != '\0' || errno == ERANGE || snmp_index < snmp_index_disable) {
-                    slapi_create_errormsg(errorbuf, 0,
+                    slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
                             "%s: invalid value \"%s\", %s must be greater or equal to %lu (%lu means disabled)",
                             attrname, value, CONFIG_SNMP_INDEX_ATTRIBUTE, snmp_index_disable, snmp_index_disable);
                     retVal = LDAP_OPERATIONS_ERROR;
@@ -2454,7 +2454,7 @@ config_set_sizelimit( const char *attrname, char *value, char *errorbuf, int app
   sizelimit = strtol(value, &endp, 10);
 
   if ( *endp != '\0' || errno == ERANGE || sizelimit < -1 ) {
-	slapi_create_errormsg(errorbuf, 0, "%s: \"%s\" is invalid, sizelimit must range from -1 to %lld",
+	slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: \"%s\" is invalid, sizelimit must range from -1 to %lld",
 			attrname, value, (long long int)LONG_MAX );
 	retVal = LDAP_OPERATIONS_ERROR;
 	return retVal;
@@ -2498,7 +2498,7 @@ config_set_pagedsizelimit( const char *attrname, char *value, char *errorbuf, in
   pagedsizelimit = strtol(value, &endp, 10);
 
   if ( *endp != '\0' || errno == ERANGE || pagedsizelimit < -1 ) {
-	slapi_create_errormsg(errorbuf, 0,
+	slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
 	            "%s: \"%s\" is invalid, pagedsizelimit must range from -1 to %lld",
 	            attrname, value, (long long int)LONG_MAX );
 	retVal = LDAP_OPERATIONS_ERROR;
@@ -2540,10 +2540,10 @@ config_set_pw_storagescheme( const char *attrname, char *value, char *errorbuf,
   new_scheme = pw_name2scheme(value);
   if ( new_scheme == NULL) {
 	if ( scheme_list != NULL ) {
-		slapi_create_errormsg(errorbuf, 0, "%s: invalid scheme - %s. Valid schemes are: %s",
+		slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid scheme - %s. Valid schemes are: %s",
 				attrname, value, scheme_list );
 	} else {
-		slapi_create_errormsg(errorbuf, 0,
+		slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
 				"%s: invalid scheme - %s (no pwdstorage scheme plugin loaded)",
 				attrname, value);
 	}
@@ -2559,7 +2559,7 @@ config_set_pw_storagescheme( const char *attrname, char *value, char *errorbuf,
 	they are in clear. We don't take it */ 
 
 	if (scheme_list) {
-		slapi_create_errormsg(errorbuf, 0,
+		slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
 				"pw_storagescheme: invalid encoding scheme - %s\nValid values are: %s\n", value, scheme_list);
 	}
 	retVal = LDAP_UNWILLING_TO_PERFORM;
@@ -2720,7 +2720,7 @@ config_set_pw_minlength( const char *attrname, char *value, char *errorbuf, int
   minLength = strtol(value, &endp, 10);
 
   if ( *endp != '\0' || errno == ERANGE || minLength < 2 || minLength > 512 ) {
-	slapi_create_errormsg(errorbuf, 0,
+	slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
 	      "password minimum length \"%s\" is invalid. The minimum length must range from 2 to 512.", value);
 	retVal = LDAP_OPERATIONS_ERROR;
 	return retVal;
@@ -2753,7 +2753,7 @@ config_set_pw_mindigits( const char *attrname, char *value, char *errorbuf, int
   minDigits = strtol(value, &endp, 10);
 
   if ( *endp != '\0' || errno == ERANGE || minDigits < 0 || minDigits > 64 ) {
-      slapi_create_errormsg(errorbuf, 0,
+      slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
               "password minimum number of digits \"%s\" is invalid. "
               "The minimum number of digits must range from 0 to 64.", value);
       retVal = LDAP_OPERATIONS_ERROR;
@@ -2787,7 +2787,7 @@ config_set_pw_minalphas( const char *attrname, char *value, char *errorbuf, int
   minAlphas = strtol(value, &endp, 10);
 
   if ( *endp != '\0' || errno == ERANGE || minAlphas < 0 || minAlphas > 64 ) {
-      slapi_create_errormsg(errorbuf, 0,
+      slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
               "password minimum number of alphas \"%s\" is invalid. "
               "The minimum number of alphas must range from 0 to 64.", value);
       retVal = LDAP_OPERATIONS_ERROR;
@@ -2821,7 +2821,7 @@ config_set_pw_minuppers( const char *attrname, char *value, char *errorbuf, int
   minUppers = strtol(value, &endp, 10);
 
   if ( *endp != '\0' || errno == ERANGE || minUppers < 0 || minUppers > 64 ) {
-      slapi_create_errormsg(errorbuf, 0,
+      slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
                     "password minimum number of uppercase characters \"%s\" is invalid. "
                     "The minimum number of uppercase characters must range from 0 to 64.", value);
       retVal = LDAP_OPERATIONS_ERROR;
@@ -2855,7 +2855,7 @@ config_set_pw_minlowers( const char *attrname, char *value, char *errorbuf, int
   minLowers = strtol(value, &endp, 10);
 
   if ( *endp != '\0' || errno == ERANGE || minLowers < 0 || minLowers > 64 ) {
-      slapi_create_errormsg(errorbuf, 0,
+      slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
               "password minimum number of lowercase characters \"%s\" is invalid. "
               "The minimum number of lowercase characters must range from 0 to 64.", value);
       retVal = LDAP_OPERATIONS_ERROR;
@@ -2889,7 +2889,7 @@ config_set_pw_minspecials( const char *attrname, char *value, char *errorbuf, in
   minSpecials = strtol(value, &endp, 10);
 
   if ( *endp != '\0' || errno == ERANGE || minSpecials < 0 || minSpecials > 64 ) {
-      slapi_create_errormsg(errorbuf, 0,
+      slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
               "password minimum number of special characters \"%s\" is invalid. "
               "The minimum number of special characters must range from 0 to 64.", value);
       retVal = LDAP_OPERATIONS_ERROR;
@@ -2923,7 +2923,7 @@ config_set_pw_min8bit( const char *attrname, char *value, char *errorbuf, int ap
   min8bit = strtol(value, &endp, 10);
 
   if ( *endp != '\0' || errno == ERANGE || min8bit < 0 || min8bit > 64 ) {
-      slapi_create_errormsg(errorbuf, 0,
+      slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
               "password minimum number of 8-bit characters \"%s\" is invalid. "
               "The minimum number of 8-bit characters must range from 0 to 64.", value);
       retVal = LDAP_OPERATIONS_ERROR;
@@ -2957,7 +2957,7 @@ config_set_pw_maxrepeats( const char *attrname, char *value, char *errorbuf, int
   maxRepeats = strtol(value, &endp, 10);
 
   if ( *endp != '\0' || errno == ERANGE || maxRepeats < 0 || maxRepeats > 64 ) {
-      slapi_create_errormsg(errorbuf, 0,
+      slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
               "password maximum number of repeated characters \"%s\" is invalid. "
               "The maximum number of repeated characters must range from 0 to 64.", value);
       retVal = LDAP_OPERATIONS_ERROR;
@@ -2991,7 +2991,7 @@ config_set_pw_mincategories( const char *attrname, char *value, char *errorbuf,
   minCategories = strtol(value, &endp, 10);
 
   if ( *endp != '\0' || errno == ERANGE || minCategories < 1 || minCategories > 5 ) {
-      slapi_create_errormsg(errorbuf, 0,
+      slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
               "password minimum number of categories \"%s\" is invalid. "
               "The minimum number of categories must range from 1 to 5.", value);
       retVal = LDAP_OPERATIONS_ERROR;
@@ -3025,7 +3025,7 @@ config_set_pw_mintokenlength( const char *attrname, char *value, char *errorbuf,
   minTokenLength = strtol(value, &endp, 10);
 
   if ( *endp != '\0' || errno == ERANGE || minTokenLength < 1 || minTokenLength > 64 ) {
-      slapi_create_errormsg(errorbuf, 0,
+      slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
               "password minimum token length \"%s\" is invalid. "
               "The minimum token length must range from 1 to 64.", value);
       retVal = LDAP_OPERATIONS_ERROR;
@@ -3059,7 +3059,7 @@ config_set_pw_maxfailure( const char *attrname, char *value, char *errorbuf, int
   maxFailure = strtol(value, &endp, 10);
 
   if ( *endp != '\0' || errno == ERANGE || maxFailure <= 0 || maxFailure > 32767 ) {
-	slapi_create_errormsg(errorbuf, 0,
+	slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
 	      "password maximum retry \"%s\" is invalid. Password maximum failure must range from 1 to 32767", value);
 	retVal = LDAP_OPERATIONS_ERROR;
 	return retVal;
@@ -3094,7 +3094,7 @@ config_set_pw_inhistory( const char *attrname, char *value, char *errorbuf, int
   history = strtol(value, &endp, 10);
 
   if ( *endp != '\0' || errno == ERANGE || history < 1 || history > 24 ) {
-	slapi_create_errormsg(errorbuf, 0,
+	slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
 	      "password history length \"%s\" is invalid. The password history must range from 1 to 24", value);
 	retVal = LDAP_OPERATIONS_ERROR;
 	return retVal;
@@ -3128,7 +3128,7 @@ config_set_pw_lockduration( const char *attrname, char *value, char *errorbuf, i
   duration = parse_duration(value);
 
   if ( errno == ERANGE || duration <= 0 || duration > (MAX_ALLOWED_TIME_IN_SECS - current_time()) ) {
-	slapi_create_errormsg(errorbuf, 0, "password lockout duration \"%s\" is invalid. ", value);
+	slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "password lockout duration \"%s\" is invalid. ", value);
 	retVal = LDAP_OPERATIONS_ERROR;
 	return retVal;
   }
@@ -3157,7 +3157,7 @@ config_set_pw_resetfailurecount( const char *attrname, char *value, char *errorb
   duration = parse_duration(value);
 
   if ( errno == ERANGE || duration < 0 || duration > (MAX_ALLOWED_TIME_IN_SECS - current_time()) ) {
-	slapi_create_errormsg(errorbuf, 0, "password reset count duration \"%s\" is invalid. ", value);
+	slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "password reset count duration \"%s\" is invalid. ", value);
 	retVal = LDAP_OPERATIONS_ERROR;
 	return retVal;
   }
@@ -3299,7 +3299,7 @@ config_set_pw_gracelimit( const char *attrname, char *value, char *errorbuf, int
   gracelimit = strtol(value, &endp, 10);
 
   if ( *endp != '\0' || errno == ERANGE || gracelimit < 0 ) {
-	slapi_create_errormsg(errorbuf, 0,
+	slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
 	      "password grace limit \"%s\" is invalid, password grace limit must range from 0 to %lld",
 	      value , (long long int)LONG_MAX);
 	retVal = LDAP_OPERATIONS_ERROR;
@@ -3522,7 +3522,7 @@ config_set_onoff(const char *attrname, char *value, int *configvalue, char *erro
   
   CFG_ONOFF_LOCK_WRITE(slapdFrontendConfig);
   if (strcasecmp(value, "on") && strcasecmp(value, "off")) {
-    slapi_create_errormsg(errorbuf, 0,
+    slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
             "%s: invalid value \"%s\". Valid values are \"on\" or \"off\".", attrname, value);
     retVal = LDAP_OPERATIONS_ERROR;
   }
@@ -3725,7 +3725,7 @@ config_set_rootpw( const char *attrname, char *value, char *errorbuf, int apply
     /* pwd enc func returns slapi_ch_malloc memory */
     slapdFrontendConfig->rootpw = (slapdFrontendConfig->rootpwstoragescheme->pws_enc)(value); 
   } else {
-    slapi_create_errormsg(errorbuf, 0,
+    slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
             "%s: password scheme mismatch (passwd scheme is %s; password is clear text)",
             attrname, slapdFrontendConfig->rootpwstoragescheme->pws_name);
     retVal = LDAP_PARAM_ERROR;
@@ -3751,10 +3751,10 @@ config_set_rootpwstoragescheme( const char *attrname, char *value, char *errorbu
 	if (errorbuf) {
 		char * scheme_list = plugin_get_pwd_storage_scheme_list(PLUGIN_LIST_PWD_STORAGE_SCHEME); 
 		if ( scheme_list ) { 
-			slapi_create_errormsg(errorbuf, 0, "%s: invalid scheme - %s. Valid schemes are: %s",
+			slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid scheme - %s. Valid schemes are: %s",
 					attrname, value, scheme_list );
 		} else {
-			slapi_create_errormsg(errorbuf, 0,
+			slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
 					"%s: invalid scheme - %s (no pwdstorage scheme plugin loaded)", attrname, value);
 		}
 		slapi_ch_free_string(&scheme_list);
@@ -3834,12 +3834,12 @@ config_set_workingdir( const char *attrname, char *value, char *errorbuf, int ap
   }
 
   if ( PR_Access ( value, PR_ACCESS_EXISTS ) != 0 ) {
-	slapi_create_errormsg(errorbuf, 0, "Working directory \"%s\" does not exist.", value);
+	slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "Working directory \"%s\" does not exist.", value);
 	retVal = LDAP_OPERATIONS_ERROR;
 	return retVal;
   }
   if ( PR_Access ( value, PR_ACCESS_WRITE_OK ) != 0 ) {
-	slapi_create_errormsg(errorbuf, 0, "Working directory \"%s\" is not writeable.", value);
+	slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "Working directory \"%s\" is not writeable.", value);
 	retVal = LDAP_OPERATIONS_ERROR;
 	return retVal;
   }
@@ -3889,7 +3889,7 @@ config_set_threadnumber( const char *attrname, char *value, char *errorbuf, int
   threadnum = strtol(value, &endp, 10);
   
   if ( *endp != '\0' || errno == ERANGE || threadnum < 1 || threadnum > 65535 ) {
-	slapi_create_errormsg(errorbuf, 0,
+	slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
 	      "%s: invalid value \"%s\", maximum thread number must range from 1 to 65535", attrname, value);
 	retVal = LDAP_OPERATIONS_ERROR;
   }
@@ -3919,7 +3919,7 @@ config_set_maxthreadsperconn( const char *attrname, char *value, char *errorbuf,
   maxthreadnum = strtol(value, &endp, 10);
   
   if ( *endp != '\0' || errno == ERANGE || maxthreadnum < 1 || maxthreadnum > 65535 ) {
-	slapi_create_errormsg(errorbuf, 0,
+	slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
 	      "%s: invalid value \"%s\", maximum thread number per connection must range from 1 to 65535",
 	      attrname, value);
 	retVal = LDAP_OPERATIONS_ERROR;
@@ -3960,7 +3960,7 @@ config_set_maxdescriptors( const char *attrname, char *value, char *errorbuf, in
   nValue = strtol(value, &endp, 10);
 
   if ( *endp != '\0' || errno == ERANGE || nValue < 1 || nValue > maxVal ) {
-    slapi_create_errormsg(errorbuf, 0, 
+    slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, 
         "%s: invalid value \"%s\", maximum file descriptors must range from 1 to %d (the current process limit). "
         "Server will use a setting of %d.", attrname, value, maxVal, maxVal);
     if ( nValue > maxVal ) {
@@ -4001,7 +4001,7 @@ config_set_conntablesize( const char *attrname, char *value, char *errorbuf, int
   nValue = strtol(value, &endp, 0);
 
   if ( *endp != '\0' || errno == ERANGE || nValue < 1 || nValue > maxVal ) {
-    slapi_create_errormsg(errorbuf, 0,
+    slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
         "%s: invalid value \"%s\", connection table size must range from 1 to %d (the current process maxdescriptors limit). "
         "Server will use a setting of %d.", attrname, value, maxVal, maxVal );
     if ( nValue > maxVal) {
@@ -4043,7 +4043,7 @@ config_set_reservedescriptors( const char *attrname, char *value, char *errorbuf
   nValue = strtol(value, &endp, 10);
   
   if ( *endp != '\0' || errno == ERANGE || nValue < 1 || nValue > maxVal ) {
-    slapi_create_errormsg(errorbuf, 0,
+    slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
         "%s: invalid value \"%s\", reserved file descriptors must range from 1 to %d (the current process maxdescriptors limit). "
         "Server will use a setting of %d.", attrname, value, maxVal, maxVal);
     if ( nValue > maxVal) {
@@ -4079,7 +4079,7 @@ config_set_ioblocktimeout( const char *attrname, char *value, char *errorbuf, in
   nValue = strtol(value, &endp, 10);
 
   if ( *endp != '\0' || errno == ERANGE || nValue < 0 ) {
-    slapi_create_errormsg(errorbuf, 0, "%s: invalid value \"%s\", I/O block timeout must range from 0 to %lld",
+    slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value \"%s\", I/O block timeout must range from 0 to %lld",
             attrname, value, (long long int)LONG_MAX);
     retVal = LDAP_OPERATIONS_ERROR;
     return retVal;
@@ -4115,7 +4115,7 @@ config_set_idletimeout( const char *attrname, char *value, char *errorbuf, int a
   nValue = strtol(value, &endp, 10);
 
   if (*endp != '\0' || errno == ERANGE || nValue < 0 ) {
-    slapi_create_errormsg(errorbuf, 0, "%s: invalid value \"%s\", idle timeout must range from 0 to %lld",
+    slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value \"%s\", idle timeout must range from 0 to %lld",
                     attrname, value, (long long int)LONG_MAX);
     retVal = LDAP_OPERATIONS_ERROR;
     return retVal;
@@ -4148,7 +4148,7 @@ config_set_groupevalnestlevel( const char *attrname, char * value, char *errorbu
   nValue = strtol(value, &endp, 10);
   
   if ( *endp != '\0' || errno == ERANGE || nValue < 0 || nValue > 5 ) {
-    slapi_create_errormsg(errorbuf, 0,
+    slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
           "%s: invalid value \"%s\", group eval nest level must range from 0 to 5", attrname, value);
     retVal = LDAP_OPERATIONS_ERROR;
     return retVal;
@@ -4214,7 +4214,7 @@ config_set_timelimit( const char *attrname, char *value, char *errorbuf, int app
   nVal = strtol(value, &endp, 10);
 
   if ( *endp != '\0' || errno == ERANGE || nVal < -1 ) {
-    slapi_create_errormsg(errorbuf, 0,
+    slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
           "%s: invalid value \"%s\", time limit must range from -1 to %lld",
           attrname, value, (long long int)LONG_MAX );
     retVal = LDAP_OPERATIONS_ERROR;
@@ -4268,7 +4268,7 @@ config_set_accesslog( const char *attrname, char *value, char *errorbuf, int app
   retVal = log_update_accesslogdir ( value, apply );
   
   if (retVal != LDAP_SUCCESS) {
-    slapi_create_errormsg(errorbuf, 0,
+    slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
         "Cannot open accesslog directory \"%s\", client accesses will not be logged.", value);
   }
   
@@ -4293,7 +4293,7 @@ config_set_errorlog( const char *attrname, char *value, char *errorbuf, int appl
   retVal = log_update_errorlogdir ( value, apply );
   
   if ( retVal != LDAP_SUCCESS ) {
-    slapi_create_errormsg(errorbuf, 0,
+    slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
         "Cannot open errorlog file \"%s\", errors cannot be logged.  Exiting...", value);
     syslog(LOG_ERR, 
         "Cannot open errorlog file \"%s\", errors cannot be logged.  Exiting...", value);
@@ -4321,7 +4321,7 @@ config_set_auditlog( const char *attrname, char *value, char *errorbuf, int appl
     retVal = log_update_auditlogdir ( value, apply );
 
     if (retVal != LDAP_SUCCESS) {
-        slapi_create_errormsg(errorbuf, 0, "Cannot open auditlog directory \"%s\"", value);
+        slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "Cannot open auditlog directory \"%s\"", value);
     }
 
     if ( apply ) {
@@ -4345,7 +4345,7 @@ config_set_auditfaillog( const char *attrname, char *value, char *errorbuf, int
   retVal = log_update_auditfaillogdir ( value, apply );
   
   if (retVal != LDAP_SUCCESS) {
-	slapi_create_errormsg(errorbuf, 0, "Cannot open auditfaillog directory \"%s\"", value);
+	slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "Cannot open auditfaillog directory \"%s\"", value);
   }
   
   if ( apply ) {
@@ -4373,7 +4373,7 @@ config_set_pw_maxage( const char *attrname, char *value, char *errorbuf, int app
   age = parse_duration(value);
 
   if ( age <= 0 || age > (MAX_ALLOWED_TIME_IN_SECS - current_time()) ) {
-	slapi_create_errormsg(errorbuf, 0, "%s: password maximum age \"%s\" is invalid.", attrname, value);
+	slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: password maximum age \"%s\" is invalid.", attrname, value);
 	retVal = LDAP_OPERATIONS_ERROR;
 	return retVal;
   }
@@ -4398,7 +4398,7 @@ config_set_pw_minage( const char *attrname, char *value, char *errorbuf, int app
   /* age in seconds */
   age = parse_duration(value);
   if ( age < 0 || age > (MAX_ALLOWED_TIME_IN_SECS - current_time()) ) {
-	slapi_create_errormsg(errorbuf, 0, "%s: password minimum age \"%s\" is invalid.", attrname, value);
+	slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: password minimum age \"%s\" is invalid.", attrname, value);
 	retVal = LDAP_OPERATIONS_ERROR;
 	return retVal;
   }
@@ -4425,7 +4425,7 @@ config_set_pw_warning( const char *attrname, char *value, char *errorbuf, int ap
   sec = parse_duration(value);
 
   if (errno == ERANGE || sec < 0) {
-	slapi_create_errormsg(errorbuf, 0,
+	slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
 	       "%s: password warning age \"%s\" is invalid, password warning "
 	       "age must range from 0 to %lld seconds", 
 	       attrname, value, (long long int)LONG_MAX );
@@ -4457,7 +4457,7 @@ config_set_errorlog_level( const char *attrname, char *value, char *errorbuf, in
   level = strtol(value, &endp, 10);
 
   if ( *endp != '\0' || errno == ERANGE || level < 0 ) {
-    slapi_create_errormsg(errorbuf, 0, "%s: error log level \"%s\" is invalid,"
+    slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: error log level \"%s\" is invalid,"
                           " error log level must range from 0 to %lld",
                           attrname, value, (long long int)LONG_MAX);
     retVal = LDAP_OPERATIONS_ERROR;
@@ -4492,7 +4492,7 @@ config_set_accesslog_level( const char *attrname, char *value, char *errorbuf, i
   level = strtol(value, &endp, 10);
 
   if ( *endp != '\0' || errno == ERANGE || level < 0 ) {
-    slapi_create_errormsg(errorbuf, 0, "%s: access log level \"%s\" is invalid,"
+    slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: access log level \"%s\" is invalid,"
             " access log level must range from 0 to %lld",
             attrname, value, (long long int)LONG_MAX);
     retVal = LDAP_OPERATIONS_ERROR;
@@ -4516,7 +4516,7 @@ int config_set_referral_mode(const char *attrname, char *url, char *errorbuf, in
     slapdFrontendConfig->refer_mode=REFER_MODE_OFF;
 
     if ((!url) || (!url[0])) {
-        slapi_create_errormsg(errorbuf, 0, "referral url must have a value");
+        slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "referral url must have a value");
         return LDAP_OPERATIONS_ERROR;
     }
     if (apply) {
@@ -4533,7 +4533,7 @@ config_set_versionstring( const char *attrname, char *version, char *errorbuf, i
   slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
   
   if ((!version) || (!version[0])) {
-    slapi_create_errormsg(errorbuf, 0, "versionstring must have a value");
+    slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "versionstring must have a value");
     return LDAP_OPERATIONS_ERROR;
   }
   if (apply) {
@@ -5909,7 +5909,7 @@ config_set_maxbersize( const char *attrname, char *value, char *errorbuf, int ap
   errno = 0;
   size = strtol(value, &endp, 10);
   if ( *endp != '\0' || errno == ERANGE){
-    slapi_create_errormsg(errorbuf, 0, "(%s) value (%s) is invalid\n",attrname, value);
+    slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "(%s) value (%s) is invalid\n",attrname, value);
     retVal = LDAP_OPERATIONS_ERROR;
     return retVal;
   }
@@ -5974,7 +5974,7 @@ config_set_maxsasliosize( const char *attrname, char *value, char *errorbuf, int
   }
 
   if (retVal != LDAP_SUCCESS) {
-      slapi_create_errormsg(errorbuf, 0,
+      slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
               "%s: \"%s\" is invalid. Value must range from -1 to %lld",
               attrname, value, (long long int)LONG_MAX);
   } else if (apply) {
@@ -6028,7 +6028,7 @@ config_set_localssf( const char *attrname, char *value, char *errorbuf, int appl
   }
 
   if (retVal != LDAP_SUCCESS) {
-    slapi_create_errormsg(errorbuf, 0,
+    slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
             "%s: \"%s\" is invalid. Value must range from 0 to %d", attrname, value, INT_MAX);
   } else if (apply) {
     CFG_LOCK_WRITE(slapdFrontendConfig);
@@ -6070,7 +6070,7 @@ config_set_minssf( const char *attrname, char *value, char *errorbuf, int apply
   }
 
   if (retVal != LDAP_SUCCESS) {
-    slapi_create_errormsg(errorbuf, 0,
+    slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
             "%s: \"%s\" is invalid. Value must range from 0 to %d", attrname, value, INT_MAX);
   } else if (apply) {
     CFG_LOCK_WRITE(slapdFrontendConfig);
@@ -6147,7 +6147,7 @@ config_set_max_filter_nest_level( const char *attrname, char *value,
   errno = 0;
   level = strtol(value, &endp, 10);
   if ( *endp != '\0' || errno == ERANGE){
-      slapi_create_errormsg(errorbuf, 0, "(%s) value (%s) " "is invalid\n",attrname, value);
+      slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "(%s) value (%s) " "is invalid\n",attrname, value);
       retVal = LDAP_OPERATIONS_ERROR;
       return retVal;
   }
@@ -6836,7 +6836,7 @@ config_set_schemareplace( const char *attrname, char *value, char *errorbuf, int
 			0 != strcasecmp( value, CONFIG_SCHEMAREPLACE_STR_ON ) && 
 			0 != strcasecmp( value, CONFIG_SCHEMAREPLACE_STR_REPLICATION_ONLY )) {
 		retVal = LDAP_OPERATIONS_ERROR;
-		slapi_create_errormsg(errorbuf, 0, "unsupported value: %s", value);
+		slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "unsupported value: %s", value);
 	}
   }
 
@@ -6868,7 +6868,7 @@ config_set_outbound_ldap_io_timeout( const char *attrname, char *value,
 	errno = 0;
 	timeout = strtol(value, &endp, 10);
 	if ( *endp != '\0' || errno == ERANGE){
-		slapi_create_errormsg(errorbuf, 0, "(%s) value (%s) is invalid\n",attrname, value);
+		slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "(%s) value (%s) is invalid\n",attrname, value);
 		return LDAP_OPERATIONS_ERROR;
 	}
 
@@ -6926,7 +6926,7 @@ config_set_anon_access_switch( const char *attrname, char *value,
 
 	if ((strcasecmp(value, "on") != 0) && (strcasecmp(value, "off") != 0) &&
 	    (strcasecmp(value, "rootdse") != 0)) {
-		slapi_create_errormsg(errorbuf, 0,
+		slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
 		        "%s: invalid value \"%s\". Valid values are \"on\", \"off\", or \"rootdse\".", attrname, value);
 		retVal = LDAP_OPERATIONS_ERROR;
 	}
@@ -6963,7 +6963,7 @@ config_set_validate_cert_switch( const char *attrname, char *value,
 
 	if ((strcasecmp(value, "on") != 0) && (strcasecmp(value, "off") != 0) &&
 	    (strcasecmp(value, "warn") != 0)) {
-		slapi_create_errormsg(errorbuf, 0,
+		slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
 		        "%s: invalid value \"%s\". Valid values are \"on\", \"off\", or \"warn\".", attrname, value);
 		retVal = LDAP_OPERATIONS_ERROR;
 	}
@@ -7217,7 +7217,7 @@ config_set_default_naming_context(const char *attrname,
         int in_init = 0;
         suffix = slapi_create_dn_string("%s", value);
         if (NULL == suffix) {
-            slapi_create_errormsg(errorbuf, 0, "%s is not a valid suffix.", value);
+            slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s is not a valid suffix.", value);
             return LDAP_INVALID_DN_SYNTAX;
         }
         sdn = slapi_get_first_suffix(&node, 0);
@@ -7232,7 +7232,7 @@ config_set_default_naming_context(const char *attrname,
             sdn = slapi_get_next_suffix(&node, 0);
         }
         if (!in_init && (NULL == sdn)) { /* not in startup && no match */
-            slapi_create_errormsg(errorbuf, 0, "%s is not an existing suffix.", value);
+            slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s is not an existing suffix.", value);
             slapi_ch_free_string(&suffix);
             return LDAP_NO_SUCH_OBJECT;
         }
@@ -7273,7 +7273,7 @@ config_set_unhashed_pw_switch(const char *attrname, char *value,
 
     if ((strcasecmp(value, "on") != 0) && (strcasecmp(value, "off") != 0) &&
         (strcasecmp(value, "nolog") != 0)) {
-        slapi_create_errormsg(errorbuf, 0,
+        slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
                 "%s: invalid value \"%s\". Valid values are \"on\", \"off\", or \"nolog\".", attrname, value);
         retVal = LDAP_OPERATIONS_ERROR;
     }
@@ -7464,7 +7464,7 @@ config_set_connection_buffer( const char *attrname, char *value,
 
     if ((strcasecmp(value, "0") != 0) && (strcasecmp(value, "1") != 0) &&
         (strcasecmp(value, "2") != 0)) {
-        slapi_create_errormsg(errorbuf, 0,
+        slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
                 "%s: invalid value \"%s\". Valid values are \"0\", \"1\", or \"2\".", attrname, value);
         retVal = LDAP_OPERATIONS_ERROR;
     }
@@ -7492,7 +7492,7 @@ config_set_listen_backlog_size( const char *attrname, char *value,
 	errno = 0;
 	size = strtol(value, &endp, 10);
 	if ( *endp != '\0' || errno == ERANGE){
-		slapi_create_errormsg(errorbuf, 0, "(%s) value (%s) is invalid\n", attrname, value);
+		slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "(%s) value (%s) is invalid\n", attrname, value);
 		return LDAP_OPERATIONS_ERROR;
 	}
 
@@ -7573,7 +7573,7 @@ config_set(const char *attr, struct berval **values, char *errorbuf, int apply)
 #if 0
 		debugHashTable(attr);
 #endif
-		slapi_create_errormsg(errorbuf, 0, "Unknown attribute %s will be ignored", attr);
+		slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "Unknown attribute %s will be ignored", attr);
 		slapi_log_error(SLAPI_LOG_FATAL, "config_set", "Unknown attribute %s will be ignored", attr);
 		return LDAP_NO_SUCH_ATTRIBUTE;
 	}
@@ -8007,7 +8007,7 @@ config_set_maxsimplepaged_per_conn( const char *attrname, char *value, char *err
   errno = 0;
   size = strtol(value, &endp, 10);
   if ( *endp != '\0' || errno == ERANGE){
-    slapi_create_errormsg(errorbuf, 0, "(%s) value (%s) is invalid\n", attrname, value);
+    slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "(%s) value (%s) is invalid\n", attrname, value);
     return LDAP_OPERATIONS_ERROR;
   }
 
@@ -8068,7 +8068,7 @@ config_set_malloc_mxfast(const char *attrname, char *value, char *errorbuf, int
     errno = 0;
     mxfast = strtol(value, &endp, 10);
     if ((*endp != '\0') || (errno == ERANGE)) {
-        slapi_create_errormsg(errorbuf, 0, "limit \"%s\" is invalid, %s must range from 0 to %d",
+        slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "limit \"%s\" is invalid, %s must range from 0 to %d",
                               value, CONFIG_MALLOC_MXFAST, max);
         return LDAP_OPERATIONS_ERROR;
     }
@@ -8109,7 +8109,7 @@ config_set_malloc_trim_threshold(const char *attrname, char *value, char *errorb
     errno = 0;
     trim_threshold = strtol(value, &endp, 10);
     if ((*endp != '\0') || (errno == ERANGE)) {
-        slapi_create_errormsg(errorbuf, 0, "limit \"%s\" is invalid, %s must range from 0 to %lld",
+        slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "limit \"%s\" is invalid, %s must range from 0 to %lld",
                               value, CONFIG_MALLOC_TRIM_THRESHOLD, (long long int)LONG_MAX);
         return LDAP_OPERATIONS_ERROR;
     }
@@ -8158,7 +8158,7 @@ config_set_malloc_mmap_threshold(const char *attrname, char *value, char *errorb
     errno = 0;
     mmap_threshold = strtol(value, &endp, 10);
     if ((*endp != '\0') || (errno == ERANGE)) {
-        slapi_create_errormsg(errorbuf, 0, "limit \"%s\" is invalid, %s must range from 0 to %d",
+        slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "limit \"%s\" is invalid, %s must range from 0 to %d",
                               value, CONFIG_MALLOC_MMAP_THRESHOLD, max);
         return LDAP_OPERATIONS_ERROR;
     }

ldap/servers/slapd/log.c

@@ -310,7 +310,7 @@ log_set_logging(const char *attrname, char *value, int logtype, char *errorbuf,
 	slapdFrontendConfig_t *fe_cfg = getFrontendConfig();
 
 	if ( NULL == value ) {
-	  slapi_create_errormsg(errorbuf, 0, "%s: NULL value; valid values are \"on\" or \"off\"", attrname);
+	  slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: NULL value; valid values are \"on\" or \"off\"", attrname);
 	  return LDAP_OPERATIONS_ERROR;
 	}
 
@@ -321,7 +321,7 @@ log_set_logging(const char *attrname, char *value, int logtype, char *errorbuf,
 	  v = 0;
 	}
 	else {
-	  slapi_create_errormsg(errorbuf, 0, "%s: invalid value \"%s\", valid values are \"on\" or \"off\"",
+	  slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid value \"%s\", valid values are \"on\" or \"off\"",
 	                        attrname, value);
 	  return LDAP_OPERATIONS_ERROR;
 	}
@@ -759,7 +759,7 @@ log_set_mode (const char *attrname, char *value, int logtype, char *errorbuf, in
 	slapdFrontendConfig_t *fe_cfg = getFrontendConfig();
 
 	if ( NULL == value ) {
-		slapi_create_errormsg(errorbuf, 0,
+		slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
 			    "%s: null value; valid values are are of the format \"yz-yz-yz-\" where y could be 'r' or '-',"
 			    " and z could be 'w' or '-'", attrname );
 		return LDAP_OPERATIONS_ERROR;
@@ -777,7 +777,7 @@ log_set_mode (const char *attrname, char *value, int logtype, char *errorbuf, in
 			if (loginfo.log_access_file &&
 				( chmod( loginfo.log_access_file, v ) != 0) ) {
 				int oserr = errno;
-				slapi_create_errormsg(errorbuf, 0,
+				slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
 				        "%s: Failed to chmod access log file to %s: errno %d (%s)",
 				        attrname, value, oserr, slapd_system_strerror(oserr));
 				retval = LDAP_UNWILLING_TO_PERFORM;
@@ -793,7 +793,7 @@ log_set_mode (const char *attrname, char *value, int logtype, char *errorbuf, in
 			if (loginfo.log_error_file &&
 				( chmod( loginfo.log_error_file, v ) != 0) ) {
 				int oserr = errno;
-				slapi_create_errormsg(errorbuf, 0,
+				slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
 				        "%s: Failed to chmod error log file to %s: errno %d (%s)",
 				        attrname, value, oserr, slapd_system_strerror(oserr));
 				retval = LDAP_UNWILLING_TO_PERFORM;
@@ -809,7 +809,7 @@ log_set_mode (const char *attrname, char *value, int logtype, char *errorbuf, in
 			if (loginfo.log_audit_file &&
 				( chmod( loginfo.log_audit_file, v ) != 0) ) {
 				int oserr = errno;
-				slapi_create_errormsg(errorbuf, 0,
+				slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
 				        "%s: Failed to chmod audit log file to %s: errno %d (%s)",
 				        attrname, value, oserr, slapd_system_strerror(oserr));
 				retval = LDAP_UNWILLING_TO_PERFORM;
@@ -1014,7 +1014,7 @@ log_set_rotationsync_enabled(const char *attrname, char *value, int logtype, cha
 	slapdFrontendConfig_t *fe_cfg = getFrontendConfig();
 
 	if ( NULL == value ) {
-		slapi_create_errormsg(errorbuf, 0,
+		slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
 			  "%s: NULL value; valid values are \"on\" or \"off\"", attrname);
 		return LDAP_OPERATIONS_ERROR;
 	}
@@ -1026,7 +1026,7 @@ log_set_rotationsync_enabled(const char *attrname, char *value, int logtype, cha
 		v = LDAP_OFF;
 	}
 	else {
-		slapi_create_errormsg(errorbuf, 0,
+		slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
 			  "%s: invalid value \"%s\", valid values are \"on\" or \"off\"", attrname, value);
 		return LDAP_OPERATIONS_ERROR;
 	}
@@ -1304,7 +1304,7 @@ int log_set_rotationtimeunit(const char *attrname, char *runit, int logtype, cha
        logtype != SLAPD_ERROR_LOG &&
        logtype != SLAPD_AUDIT_LOG &&
        logtype != SLAPD_AUDITFAIL_LOG ) {
-    slapi_create_errormsg(errorbuf, 0, "%s: invalid log type: %d", attrname, logtype);
+    slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid log type: %d", attrname, logtype);
     return LDAP_OPERATIONS_ERROR;
   }
   
@@ -1315,7 +1315,7 @@ int log_set_rotationtimeunit(const char *attrname, char *runit, int logtype, cha
     (strcasecmp(runit, "minute") == 0)) {
     /* all good values */
   } else  {
-    slapi_create_errormsg(errorbuf, 0, "%s: unknown unit \"%s\"", attrname, runit);
+    slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: unknown unit \"%s\"", attrname, runit);
     rv = LDAP_OPERATIONS_ERROR;
   }
   
@@ -1423,7 +1423,7 @@ log_set_maxdiskspace(const char *attrname, char *maxdiskspace_str, int logtype,
         logtype != SLAPD_ERROR_LOG &&
         logtype != SLAPD_AUDIT_LOG &&
         logtype != SLAPD_AUDITFAIL_LOG ) {
-        slapi_create_errormsg(errorbuf, 0, "%s: invalid log type: %d", attrname, logtype);
+        slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid log type: %d", attrname, logtype);
         return LDAP_OPERATIONS_ERROR;
     }
 
@@ -1456,7 +1456,7 @@ log_set_maxdiskspace(const char *attrname, char *maxdiskspace_str, int logtype,
         maxdiskspace = -1;
     } else if (maxdiskspace < mlogsize) {
         rv = LDAP_OPERATIONS_ERROR;
-        slapi_create_errormsg(errorbuf, 0,
+        slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
                 "%s: \"%d (MB)\" is less than max log size \"%d (MB)\"",
                 attrname, s_maxdiskspace, (int)(mlogsize/LOG_MB_IN_BYTES));
     }
@@ -1513,7 +1513,7 @@ log_set_mindiskspace(const char *attrname, char *minfreespace_str, int logtype,
 		 logtype != SLAPD_ERROR_LOG &&
 		 logtype != SLAPD_AUDIT_LOG &&
 		 logtype != SLAPD_AUDITFAIL_LOG ) {
-	  slapi_create_errormsg(errorbuf, 0, "%s: invalid log type: %d", attrname, logtype);
+	  slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid log type: %d", attrname, logtype);
 	  rv = LDAP_OPERATIONS_ERROR;
 	}
 
@@ -1578,7 +1578,7 @@ log_set_expirationtime(const char *attrname, char *exptime_str, int logtype, cha
 		 logtype != SLAPD_ERROR_LOG &&
 		 logtype != SLAPD_AUDIT_LOG &&
 		 logtype != SLAPD_AUDITFAIL_LOG ) {
-	  slapi_create_errormsg(errorbuf, 0, "%s: invalid log type: %d", attrname, logtype);
+	  slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid log type: %d", attrname, logtype);
 	  rv = LDAP_OPERATIONS_ERROR;
 	}
 	
@@ -1684,12 +1684,12 @@ log_set_expirationtimeunit(const char *attrname, char *expunit, int logtype, cha
 	   logtype != SLAPD_ERROR_LOG &&
 	   logtype != SLAPD_AUDIT_LOG &&
 	   logtype != SLAPD_AUDITFAIL_LOG ) {
-	  slapi_create_errormsg(errorbuf, 0, "%s: invalid log type: %d", attrname, logtype);
+	  slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid log type: %d", attrname, logtype);
 	  return LDAP_OPERATIONS_ERROR;
 	}
 
 	if ( NULL == expunit ) {
-		slapi_create_errormsg(errorbuf, 0, "%s: NULL value", attrname);
+		slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: NULL value", attrname);
 		return LDAP_OPERATIONS_ERROR;
 	}
 
@@ -1698,7 +1698,7 @@ log_set_expirationtimeunit(const char *attrname, char *expunit, int logtype, cha
 		(strcasecmp(expunit, "day") == 0)) {
 		/* we have good values */
 	} else  {
-		slapi_create_errormsg(errorbuf, 0, "%s: invalid time unit \"%s\"", attrname, expunit);
+		slapi_create_errormsg(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: invalid time unit \"%s\"", attrname, expunit);
 		rv = LDAP_OPERATIONS_ERROR;;
 	}
 	

ldap/servers/slapd/mapping_tree.c

@@ -120,7 +120,7 @@ static void mtn_free_node (mapping_tree_node **node);
 static int mtn_get_be_distributed(Slapi_PBlock *pb,
     mapping_tree_node * target_node, Slapi_DN *target_sdn, int * flag_stop);
 static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb,
-    Slapi_Backend **be, int * index, Slapi_Entry **referral, char *errorbuf);
+    Slapi_Backend **be, int * index, Slapi_Entry **referral, char *errorbuf, size_t ebuflen);
 static mapping_tree_node * mtn_get_next_node(mapping_tree_node * node,
     mapping_tree_node * node_list, int scope);
 static mapping_tree_node * mtn_get_first_node(mapping_tree_node * node,
@@ -1872,7 +1872,7 @@ mtn_get_first_node(mapping_tree_node * node, int scope)
 
 int slapi_mtn_get_first_be(mapping_tree_node * node_list,
          mapping_tree_node ** node, Slapi_PBlock *pb, Slapi_Backend **be,
-         int * be_index, Slapi_Entry **referral, char *errorbuf, int scope)
+         int * be_index, Slapi_Entry **referral, char *errorbuf, size_t ebuflen, int scope)
 {
     *node = mtn_get_first_node(node_list, scope);
     if (scope == LDAP_SCOPE_BASE)
@@ -1880,12 +1880,12 @@ int slapi_mtn_get_first_be(mapping_tree_node * node_list,
     else
         *be_index = 0;
 
-    return mtn_get_be(*node, pb, be, be_index, referral, errorbuf);
+    return mtn_get_be(*node, pb, be, be_index, referral, errorbuf, ebuflen);
 }
 
 int slapi_mtn_get_next_be(mapping_tree_node * node_list,
          mapping_tree_node ** node, Slapi_PBlock *pb, Slapi_Backend **be,
-         int * be_index, Slapi_Entry **referral, char *errorbuf, int scope)
+         int * be_index, Slapi_Entry **referral, char *errorbuf, size_t ebuflen, int scope)
 {
     int rc;
 
@@ -1908,7 +1908,7 @@ int slapi_mtn_get_next_be(mapping_tree_node * node_list,
         return 0;
     }
 
-    rc = mtn_get_be(*node, pb, be, be_index, referral, errorbuf);
+    rc = mtn_get_be(*node, pb, be, be_index, referral, errorbuf, ebuflen);
 
     if (rc != LDAP_SUCCESS)
     {
@@ -1925,7 +1925,7 @@ int slapi_mtn_get_next_be(mapping_tree_node * node_list,
             return 0;
         }
         *be_index = 0;
-        return mtn_get_be(*node, pb, be, be_index, referral, errorbuf);
+        return mtn_get_be(*node, pb, be, be_index, referral, errorbuf, ebuflen);
     }
 
     return LDAP_SUCCESS;
@@ -2135,7 +2135,7 @@ int slapi_dn_write_needs_referral(Slapi_DN *target_sdn, Slapi_Entry **referral)
  * Returns:
  * LDAP_SUCCESS on success, other LDAP result codes if there is a problem.
  */
-int slapi_mapping_tree_select(Slapi_PBlock *pb, Slapi_Backend **be, Slapi_Entry **referral, char *errorbuf)
+int slapi_mapping_tree_select(Slapi_PBlock *pb, Slapi_Backend **be, Slapi_Entry **referral, char *errorbuf, size_t ebuflen)
 {
     Slapi_DN *target_sdn = NULL;
     mapping_tree_node *target_node;
@@ -2204,7 +2204,7 @@ int slapi_mapping_tree_select(Slapi_PBlock *pb, Slapi_Backend **be, Slapi_Entry
      * used for BASE search, ADD, DELETE, MODIFY
      */
     index = -1;
-    ret = mtn_get_be(target_node, pb, be, &index, referral, errorbuf);
+    ret = mtn_get_be(target_node, pb, be, &index, referral, errorbuf, ebuflen);
     slapi_pblock_set(pb, SLAPI_BACKEND_COUNT, &index);
 
     mtn_unlock();
@@ -2227,7 +2227,7 @@ int slapi_mapping_tree_select(Slapi_PBlock *pb, Slapi_Backend **be, Slapi_Entry
         {
             if (errorbuf) {
                 PL_strncpyz(errorbuf, slapi_config_get_readonly() ? 
-                            "Server is read-only" : "database is read-only", sizeof(errorbuf));
+                            "Server is read-only" : "database is read-only", ebuflen);
             }
             ret = LDAP_UNWILLING_TO_PERFORM;
             slapi_be_Unlock(*be);
@@ -2239,7 +2239,7 @@ int slapi_mapping_tree_select(Slapi_PBlock *pb, Slapi_Backend **be, Slapi_Entry
 }
 
 int slapi_mapping_tree_select_all(Slapi_PBlock *pb, Slapi_Backend **be_list,
-        Slapi_Entry **referral_list, char *errorbuf)
+        Slapi_Entry **referral_list, char *errorbuf, size_t ebuflen)
 {
     Slapi_DN *target_sdn = NULL;
     mapping_tree_node *node_list;
@@ -2306,7 +2306,7 @@ int slapi_mapping_tree_select_all(Slapi_PBlock *pb, Slapi_Backend **be_list,
         return ret_code;
     }
 
-    ret = slapi_mtn_get_first_be(node_list, &node, pb, &be, &index, &referral, errorbuf, scope);
+    ret = slapi_mtn_get_first_be(node_list, &node, pb, &be, &index, &referral, errorbuf, ebuflen, scope);
 
     while ((node) && (be_index <= BE_LIST_SIZE))
     {
@@ -2335,7 +2335,7 @@ int slapi_mapping_tree_select_all(Slapi_PBlock *pb, Slapi_Backend **be_list,
             if (be && !be_isdeleted(be))
             {
                 if (be_index == BE_LIST_SIZE) { /* error - too many backends */
-                    slapi_create_errormsg(errorbuf, 0,
+                    slapi_create_errormsg(errorbuf, ebuflen,
                             "Error: too many backends match search request - cannot proceed");
                     slapi_log_error(SLAPI_LOG_FATAL, "mapping_tree",
                         "Error: too many backends match search request - cannot proceed");
@@ -2363,7 +2363,7 @@ int slapi_mapping_tree_select_all(Slapi_PBlock *pb, Slapi_Backend **be_list,
         }
 
         ret = slapi_mtn_get_next_be(node_list, &node, pb, &be, &index,
-                     &referral, errorbuf, scope);
+                     &referral, errorbuf, ebuflen, scope);
     }
     mtn_unlock();
     be_list[be_index] = NULL;
@@ -2424,7 +2424,7 @@ void slapi_mapping_tree_free_all(Slapi_Backend **be_list, Slapi_Entry **referral
 /* same as slapi_mapping_tree_select() but will also check that the supplied
  * newdn is in the same backend
  */
-int slapi_mapping_tree_select_and_check(Slapi_PBlock *pb,char *newdn, Slapi_Backend **be, Slapi_Entry **referral, char *errorbuf)
+int slapi_mapping_tree_select_and_check(Slapi_PBlock *pb,char *newdn, Slapi_Backend **be, Slapi_Entry **referral, char *errorbuf, size_t ebuflen)
 {
     Slapi_DN *target_sdn = NULL;
     Slapi_DN dn_newdn;
@@ -2446,7 +2446,7 @@ int slapi_mapping_tree_select_and_check(Slapi_PBlock *pb,char *newdn, Slapi_Back
     target_sdn = operation_get_target_spec (op);
 
     * referral = NULL;
-    ret = slapi_mapping_tree_select(pb, be, referral, errorbuf); 
+    ret = slapi_mapping_tree_select(pb, be, referral, errorbuf, ebuflen); 
     if (ret)
         goto unlock_and_return;
 
@@ -2460,7 +2460,7 @@ int slapi_mapping_tree_select_and_check(Slapi_PBlock *pb,char *newdn, Slapi_Back
     if (target_node == NULL)
         target_node = mapping_tree_root;
     index = -1;
-    ret = mtn_get_be(target_node, pb, &new_be, &index, &new_referral, errorbuf);
+    ret = mtn_get_be(target_node, pb, &new_be, &index, &new_referral, errorbuf, ebuflen);
     if (ret)
         goto unlock_and_return;
 
@@ -2470,7 +2470,7 @@ int slapi_mapping_tree_select_and_check(Slapi_PBlock *pb,char *newdn, Slapi_Back
         const Slapi_DN *suffix = slapi_get_suffix_by_dn(target_sdn);
         if ((*be != def_be) && (NULL == suffix))
         {
-            slapi_create_errormsg(errorbuf, 0,
+            slapi_create_errormsg(errorbuf, ebuflen,
                     "Target entry \"%s\" does not exist\n", slapi_sdn_get_dn(target_sdn));
             ret = LDAP_NO_SUCH_OBJECT;
             goto unlock_and_return;
@@ -2484,25 +2484,25 @@ int slapi_mapping_tree_select_and_check(Slapi_PBlock *pb,char *newdn, Slapi_Back
             if (!slapi_be_exist((const Slapi_DN *)&dn_newdn))
             {
                 /* new_be is an empty backend */
-                slapi_create_errormsg(errorbuf, 0, "Backend for suffix \"%s\" does not exist\n", newdn);
+                slapi_create_errormsg(errorbuf, ebuflen, "Backend for suffix \"%s\" does not exist\n", newdn);
                 ret = LDAP_NO_SUCH_OBJECT;
                 goto unlock_and_return;
             }
             if (0 == slapi_sdn_compare(&dn_newdn, new_suffix))
             {
                 ret = LDAP_ALREADY_EXISTS;
-                slapi_create_errormsg(errorbuf, 0, "Suffix \"%s\" already exists\n", newdn);
+                slapi_create_errormsg(errorbuf, ebuflen, "Suffix \"%s\" already exists\n", newdn);
                 goto unlock_and_return;
             }
             ret = LDAP_NAMING_VIOLATION;
-            slapi_create_errormsg(errorbuf, 0, "Cannot rename suffix \"%s\"\n", slapi_sdn_get_dn(target_sdn));
+            slapi_create_errormsg(errorbuf, ebuflen, "Cannot rename suffix \"%s\"\n", slapi_sdn_get_dn(target_sdn));
             goto unlock_and_return;
         }
         else
         {
             if ((*be != new_be) || mtn_sdn_has_child(target_sdn))
             {
-                slapi_create_errormsg(errorbuf, 0, "Cannot move entries across backends\n");
+                slapi_create_errormsg(errorbuf, ebuflen, "Cannot move entries across backends\n");
                 ret = LDAP_AFFECTS_MULTIPLE_DSAS;
                 goto unlock_and_return;
             }
@@ -2613,7 +2613,7 @@ mtn_get_be_distributed(Slapi_PBlock *pb, mapping_tree_node * target_node,
  * that position must be returned
  */
 static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb,
-   Slapi_Backend **be, int * index, Slapi_Entry **referral, char *errorbuf)
+   Slapi_Backend **be, int * index, Slapi_Entry **referral, char *errorbuf, size_t ebuflen)
 {
     Slapi_DN *target_sdn;
     Slapi_Operation *op;
@@ -2633,7 +2633,7 @@ static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb,
     target_sdn = operation_get_target_spec (op);
 
     if (target_node->mtn_state == MTN_DISABLED) {
-        slapi_create_errormsg(errorbuf, 0,
+        slapi_create_errormsg(errorbuf, ebuflen,
                 "Warning: Operation attempted on a disabled node : %s\n",
                 slapi_sdn_get_dn(target_node->mtn_subtree));
         result = LDAP_OPERATIONS_ERROR;
@@ -2767,7 +2767,7 @@ static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb,
             }
             (*index)++;
             if (NULL == target_node->mtn_referral_entry) {
-                slapi_create_errormsg(errorbuf, 0, "Mapping tree node for %s is set to return a referral,"
+                slapi_create_errormsg(errorbuf, ebuflen, "Mapping tree node for %s is set to return a referral,"
                         " but no referral is configured for it", slapi_sdn_get_ndn(target_node->mtn_subtree));
                 result = LDAP_OPERATIONS_ERROR;
             } else {

ldap/servers/slapd/modify.c

@@ -66,7 +66,7 @@ mod_op_image (int op)
 #endif
 
 /* an AttrCheckFunc function should return an LDAP result code (LDAP_SUCCESS if all goes well). */
-typedef int (*AttrCheckFunc)(const char *attr_name, char *value, long minval, long maxval, char *errorbuf);
+typedef int (*AttrCheckFunc)(const char *attr_name, char *value, long minval, long maxval, char *errorbuf, size_t ebuflen);
 
 static struct attr_value_check {
 	const char *attr_name; /* the name of the attribute */
@@ -711,7 +711,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
 	 * appropriate one.
 	 */
 	errorbuf[0] = '\0';
-	if ((err = slapi_mapping_tree_select(pb, &be, &referral, errorbuf)) != LDAP_SUCCESS) {
+	if ((err = slapi_mapping_tree_select(pb, &be, &referral, errorbuf, sizeof(errorbuf))) != LDAP_SUCCESS) {
 		send_ldap_result(pb, err, NULL, errorbuf, 0, NULL);
 		be = NULL;
 		goto free_and_return;
@@ -766,7 +766,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
 							 */
 							if ( (err = AttrValueCheckList[i].checkfunc (AttrValueCheckList[i].attr_name,
 								(*tmpmods)->mod_bvalues[0]->bv_val, AttrValueCheckList[i].minval,
-								AttrValueCheckList[i].maxval, errorbuf))
+								AttrValueCheckList[i].maxval, errorbuf, sizeof(errorbuf)))
 								!= LDAP_SUCCESS)
 							{
 								/* return error */

ldap/servers/slapd/modrdn.c

@@ -572,7 +572,7 @@ op_shared_rename(Slapi_PBlock *pb, int passin_args)
 	/* slapi_mapping_tree_select_and_check ignores the case of newdn
 	 * which is generated using newrdn above. */
 	errorbuf[0] = '\0';
-	if ((err = slapi_mapping_tree_select_and_check(pb, newdn, &be, &referral, errorbuf)) != LDAP_SUCCESS)
+	if ((err = slapi_mapping_tree_select_and_check(pb, newdn, &be, &referral, errorbuf, sizeof(errorbuf))) != LDAP_SUCCESS)
 	{
 		send_ldap_result(pb, err, NULL, errorbuf, 0, NULL);
 		goto free_and_return_nolock;

ldap/servers/slapd/opshared.c

@@ -437,7 +437,7 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
       /* no specific backend was requested, use the mapping tree
        */
       errorbuf[0] = '\0';
-      err_code = slapi_mapping_tree_select_all(pb, be_list, referral_list, errorbuf);
+      err_code = slapi_mapping_tree_select_all(pb, be_list, referral_list, errorbuf, sizeof(errorbuf));
       if (((err_code != LDAP_SUCCESS) && (err_code != LDAP_OPERATIONS_ERROR) && (err_code != LDAP_REFERRAL))
           || ((err_code == LDAP_OPERATIONS_ERROR) && (be_list[0] == NULL))) {
           send_ldap_result(pb, err_code, NULL, errorbuf, 0, NULL);

ldap/servers/slapd/proto-slap.h

@@ -38,8 +38,8 @@ void do_add( Slapi_PBlock *pb );
 void attr_done(Slapi_Attr *a);
 int attr_add_valuearray(Slapi_Attr *a, Slapi_Value **vals, const char *dn);
 int attr_replace(Slapi_Attr *a, Slapi_Value **vals);
-int attr_check_onoff ( const char *attr_name, char *value, long minval, long maxval, char *errorbuf );
-int attr_check_minmax ( const char *attr_name, char *value, long minval, long maxval, char *errorbuf );
+int attr_check_onoff(const char *attr_name, char *value, long minval, long maxval, char *errorbuf, size_t ebuflen);
+int attr_check_minmax(const char *attr_name, char *value, long minval, long maxval, char *errorbuf, size_t ebuflen);
 /**
  * Returns the function which can be used to compare (like memcmp/strcmp)
  * two values of this type of attribute.  The comparison function will use

ldap/servers/slapd/pw.c

@@ -2197,22 +2197,22 @@ pw_boolean_str2value (const char *str)
 }
 
 int
-check_pw_duration_value( const char *attr_name, char *value, 
-                       long minval, long maxval, char *errorbuf )
+check_pw_duration_value(const char *attr_name, char *value,
+                        long minval, long maxval, char *errorbuf, size_t ebuflen)
 {
 	int retVal = LDAP_SUCCESS;
 	long age;
 
 	age = parse_duration(value);
 	if (-1 == age) {
-		slapi_create_errormsg(errorbuf, 0, "password minimum age \"%s\" is invalid. ", value);
+		slapi_create_errormsg(errorbuf, ebuflen, "password minimum age \"%s\" is invalid. ", value);
 		retVal = LDAP_CONSTRAINT_VIOLATION;
 	} else if (0 == strcasecmp(CONFIG_PW_LOCKDURATION_ATTRIBUTE, attr_name)) {
 		if ( (age <= 0) ||
 			 (age > (MAX_ALLOWED_TIME_IN_SECS - current_time())) ||
 			 ((-1 != minval) && (age < minval)) ||
 			 ((-1 != maxval) && (age > maxval))) {
-			slapi_create_errormsg(errorbuf, 0, "%s: \"%s\" seconds is invalid. ", attr_name, value);
+			slapi_create_errormsg(errorbuf, ebuflen, "%s: \"%s\" seconds is invalid. ", attr_name, value);
 			retVal = LDAP_CONSTRAINT_VIOLATION;
 		}
 	} else {
@@ -2220,7 +2220,7 @@ check_pw_duration_value( const char *attr_name, char *value,
 			 (age > (MAX_ALLOWED_TIME_IN_SECS - current_time())) ||
 			 ((-1 != minval) && (age < minval)) ||
 			 ((-1 != maxval) && (age > maxval))) {
-			slapi_create_errormsg(errorbuf, 0, "%s: \"%s\" seconds is invalid. ", attr_name, value);
+			slapi_create_errormsg(errorbuf, ebuflen, "%s: \"%s\" seconds is invalid. ", attr_name, value);
 			retVal = LDAP_CONSTRAINT_VIOLATION;
 		}
 	}
@@ -2229,7 +2229,8 @@ check_pw_duration_value( const char *attr_name, char *value,
 }
 
 int
-check_pw_resetfailurecount_value( const char *attr_name, char *value, long minval, long maxval, char *errorbuf )
+check_pw_resetfailurecount_value(const char *attr_name, char *value,
+                                 long minval, long maxval, char *errorbuf, size_t ebuflen)
 {
 	int retVal = LDAP_SUCCESS;
 	long duration = 0; /* in minutes */
@@ -2237,7 +2238,7 @@ check_pw_resetfailurecount_value( const char *attr_name, char *value, long minva
 	/* in seconds */  
 	duration = strtol (value, NULL, 0);
 	if ( duration < 0 || duration > (MAX_ALLOWED_TIME_IN_SECS - current_time()) ) {
-		slapi_create_errormsg(errorbuf, 0, "password reset count duration \"%s\" seconds is invalid.", value);
+		slapi_create_errormsg(errorbuf, ebuflen, "password reset count duration \"%s\" seconds is invalid.", value);
 		retVal = LDAP_CONSTRAINT_VIOLATION;
 	}
 
@@ -2245,7 +2246,8 @@ check_pw_resetfailurecount_value( const char *attr_name, char *value, long minva
 }
 
 int
-check_pw_storagescheme_value( const char *attr_name, char *value, long minval, long maxval, char *errorbuf )
+check_pw_storagescheme_value(const char *attr_name, char *value,
+                             long minval, long maxval, char *errorbuf, size_t ebuflen)
 {
 	int retVal = LDAP_SUCCESS;
 	struct pw_scheme *new_scheme = NULL;
@@ -2255,10 +2257,10 @@ check_pw_storagescheme_value( const char *attr_name, char *value, long minval, l
 	new_scheme = pw_name2scheme(value);
 	if ( new_scheme == NULL) {
 		if ( scheme_list != NULL ) {
-			slapi_create_errormsg(errorbuf, 0, "%s: invalid scheme - %s. Valid schemes are: %s",
+			slapi_create_errormsg(errorbuf, ebuflen, "%s: invalid scheme - %s. Valid schemes are: %s",
 					CONFIG_PW_STORAGESCHEME_ATTRIBUTE, value, scheme_list );
 		} else {
-			slapi_create_errormsg(errorbuf, 0, "%s: invalid scheme - %s (no pwdstorage scheme plugin loaded)",
+			slapi_create_errormsg(errorbuf, ebuflen, "%s: invalid scheme - %s (no pwdstorage scheme plugin loaded)",
 					CONFIG_PW_STORAGESCHEME_ATTRIBUTE, value);
 		}
 		retVal = LDAP_CONSTRAINT_VIOLATION;
@@ -2272,7 +2274,7 @@ check_pw_storagescheme_value( const char *attr_name, char *value, long minval, l
 		*/ 
 
 		if (scheme_list) {
-			slapi_create_errormsg(errorbuf, 0, "%s: invalid encoding scheme - %s\nValid values are: %s\n",
+			slapi_create_errormsg(errorbuf, ebuflen, "%s: invalid encoding scheme - %s\nValid values are: %s\n",
 				CONFIG_PW_STORAGESCHEME_ATTRIBUTE, value, scheme_list );
 		}
 

ldap/servers/slapd/pw.h

@@ -36,9 +36,9 @@ struct passwordpolicyarray *new_passwdPolicy ( Slapi_PBlock *pb, const char *dn
 void delete_passwdPolicy( struct passwordpolicyarray **pwpolicy);
 
 /* function for checking the values of fine grained password policy attributes */
-int check_pw_duration_value( const char *attr_name, char *value, long minval, long maxval, char *errorbuf );
-int check_pw_resetfailurecount_value( const char *attr_name, char *value, long minval, long maxval, char *errorbuf );
-int check_pw_storagescheme_value( const char *attr_name, char *value, long minval, long maxval, char *errorbuf );
+int check_pw_duration_value(const char *attr_name, char *value, long minval, long maxval, char *errorbuf, size_t ebuflen);
+int check_pw_resetfailurecount_value(const char *attr_name, char *value, long minval, long maxval, char *errorbuf, size_t ebuflen);
+int check_pw_storagescheme_value(const char *attr_name, char *value, long minval, long maxval, char *errorbuf, size_t ebuflen);
 
 int pw_is_pwp_admin(Slapi_PBlock *pb, struct passwordpolicyarray *pwp);
 /*

ldap/servers/slapd/saslbind.c

@@ -955,7 +955,7 @@ sasl_check_result:
             slapi_add_auth_response_control(pb, normdn);
         }
 
-        if (slapi_mapping_tree_select(pb, &be, &referral, NULL) != LDAP_SUCCESS) {
+        if (slapi_mapping_tree_select(pb, &be, &referral, NULL, 0) != LDAP_SUCCESS) {
             send_nobackend_ldap_result( pb );
             be = NULL;
             LDAPDebug( LDAP_DEBUG_TRACE, "<= ids_sasl_check_bind\n", 0, 0, 0 );

ldap/servers/slapd/slapi-private.h

@@ -681,14 +681,14 @@ PRBool slapi_mapping_tree_node_is_set (const mapping_tree_node *node,
 	PRUint32 flag); 
 Slapi_DN* slapi_mtn_get_dn(mapping_tree_node *node);
 int slapi_mapping_tree_select_and_check(Slapi_PBlock *pb,char *newdn,
-	Slapi_Backend **be, Slapi_Entry **referral, char *errorbuf);
+	Slapi_Backend **be, Slapi_Entry **referral, char *errorbuf, size_t ebuflen);
 int slapi_mapping_tree_select_all(Slapi_PBlock *pb, Slapi_Backend **be_list,
-	Slapi_Entry **referral_list, char *errorbuf);
+	Slapi_Entry **referral_list, char *errorbuf, size_t ebuflen);
 void slapi_mapping_tree_free_all(Slapi_Backend **be_list,
 	Slapi_Entry **referral_list);
 
 /* Mapping Tree */
-int slapi_mapping_tree_select(Slapi_PBlock *pb, Slapi_Backend **be, Slapi_Entry **referral, char *error_string);
+int slapi_mapping_tree_select(Slapi_PBlock *pb, Slapi_Backend **be, Slapi_Entry **referral, char *error_string, size_t ebuflen);
 char ** slapi_mtn_get_referral(const Slapi_DN *sdn);
 int slapi_mtn_set_referral(const Slapi_DN *sdn, char ** referral);
 int slapi_mtn_set_state(const Slapi_DN *sdn, char *state);

ldap/servers/slapd/ssl.c

@@ -3022,7 +3022,7 @@ slapd_extract_key(Slapi_Entry *entry, char *token, PK11SlotInfo *slot)
      * password to get NSS to export an encrypted
      * key which we will decrypt.
      */
-    rv = PK11_GenerateRandom(randomPassword, sizeof((const char *)randomPassword) - 1);
+    rv = PK11_GenerateRandom(randomPassword, sizeof(randomPassword) - 1);
     if (rv != SECSuccess) {
         slapi_log_error(SLAPI_LOG_FATAL, "slapd_extract_key", "Failed to generate random.\n");
         goto bail;