Ticket #48800 - Cleaning up error buffers

Description: The changes in this patch is mainly one of these,
1. unifying error buffer size to SLAPI_DSE_RETURNTEXT_SIZE.
   An error buf is filled either in config, mapping-tree, log, pass-
   word code, where the size SLAPI_DSE_RETURNTEXT_SIZE is expected,
   while some callers declare BUFSIZ array and pass it.
   Note: SLAPI_DSE_RETURNTEXT_SIZE is defined as 512 in slapi-plugin.h.

2. replacing PR_snprintf with slapi_create_errormsg.
   slapi_create_errormsg is almost the same as PR_snprintf except
   2-1 the former does not do anything if the place to write the error
       message is NULL.  With this change, we can skip returning an
       error message if it is not needed.
   2-2 If buffer size 0 is given, sizeof(buffer) is used as the size
       of buffer.  The strict size is supposed to be passed only when
       the error buffer is allocated on the heap.

3. Avoiding unnecessary array.
   Caller sometimes declares an error buffer even though it does not
   use it.  This patch removed such error buffer declaration or moved
   it in the local block where it is being used.

https://fedorahosted.org/389/ticket/48800

Reviewed by [email protected] (Thank you, William!!)

ldap/servers/plugins/acl/acllas.c

@@ -1306,9 +1306,7 @@ DS_LASUserDnAttrEval(NSErr_t *errp, char *attr_name, CmpOp_t comparator,
 					/* Wow it matches */
 					slapi_log_error( SLAPI_LOG_ACL, plugin_name,
 						"%s matches(%s, %s) level (%d)\n", attr_name,
-						val,
-				ACL_ESCAPE_STRING_WITH_PUNCTUATION (lasinfo.clientDn, ebuf),
-						0);
+						val, ACL_ESCAPE_STRING_WITH_PUNCTUATION (lasinfo.clientDn, ebuf), 0);
 					matched = ACL_TRUE;
 					slapi_ch_free ( (void **) &val);
 					break;
@@ -2844,7 +2842,6 @@ acllas__eval_memberGroupDnAttr (char *attrName, Slapi_Entry *e,
 	char			*str, *s_str, *base, *groupattr = NULL;
 	int				i,j,k,matched, enumerate_groups;
 	aclUserGroup	*u_group;
-	char			ebuf [ BUFSIZ ];
 	Slapi_Value     *sval=NULL;
 	const struct berval	*attrVal;
 
@@ -2967,14 +2964,18 @@ acllas__eval_memberGroupDnAttr (char *attrName, Slapi_Entry *e,
 
 			slapi_ch_free_string(&filter_str_ptr);
 
-			if (tt == info.lu_idx) {
-				slapi_log_error( SLAPI_LOG_ACL, plugin_name, "currDn:(%s) \n\tNO MEMBER ADDED\n", 
-								ACL_ESCAPE_STRING_WITH_PUNCTUATION (curMemberDn, ebuf));
-			} else {
-				for (i=tt; i < info.lu_idx; i++)
-					slapi_log_error( SLAPI_LOG_ACL, plugin_name, 
-						"currDn:(%s) \n\tADDED MEMBER[%d]=%s\n", 
-						ACL_ESCAPE_STRING_WITH_PUNCTUATION (curMemberDn, ebuf), i, info.member[i]);
+			if (slapi_is_loglevel_set(SLAPI_LOG_ACL)) {
+				char ebuf[BUFSIZ];
+				if (tt == info.lu_idx) {
+					slapi_log_error(SLAPI_LOG_ACL, plugin_name, "currDn:(%s) \n\tNO MEMBER ADDED\n",
+					                ACL_ESCAPE_STRING_WITH_PUNCTUATION (curMemberDn, ebuf));
+				} else {
+					for (i=tt; i < info.lu_idx; i++) {
+						slapi_log_error(SLAPI_LOG_ACL, plugin_name,
+						                "currDn:(%s) \n\tADDED MEMBER[%d]=%s\n",
+						                ACL_ESCAPE_STRING_WITH_PUNCTUATION (curMemberDn, ebuf), i, info.member[i]);
+					}
+				}
 			}
 
 			if (info.c_idx >= info.lu_idx) {
@@ -3019,10 +3020,14 @@ acllas__eval_memberGroupDnAttr (char *attrName, Slapi_Entry *e,
 		}
 	}
 
-	for (j=0; j < u_group->aclug_numof_member_group; j++)
-		slapi_log_error( SLAPI_LOG_ACL, plugin_name, 
-				"acllas__eval_memberGroupDnAttr:GROUP[%d] IN CACHE:%s\n", 
-					j, ACL_ESCAPE_STRING_WITH_PUNCTUATION (u_group->aclug_member_groups[j], ebuf));
+	if (slapi_is_loglevel_set(SLAPI_LOG_ACL)) {
+		char ebuf[BUFSIZ];
+		for (j = 0; j < u_group->aclug_numof_member_group; j++) {
+			slapi_log_error(SLAPI_LOG_ACL, plugin_name,
+			                "acllas__eval_memberGroupDnAttr:GROUP[%d] IN CACHE:%s\n",
+			                j, ACL_ESCAPE_STRING_WITH_PUNCTUATION (u_group->aclug_member_groups[j], ebuf));
+		}
+	}
 
 	matched = ACL_FALSE;
 	slapi_entry_attr_find( e, groupattr, &attr);
@@ -4467,7 +4472,6 @@ acllas_eval_one_role(char *role, lasInfo *lasinfo) {
 	
 	Slapi_DN *roleDN = NULL;
 	int rc = ACL_FALSE;	
-	char    ebuf [ BUFSIZ ];
 
 	/*
 	 * See if lasinfo.clientDn has role rolebuf.
@@ -4478,26 +4482,24 @@ acllas_eval_one_role(char *role, lasInfo *lasinfo) {
 
 	roleDN = slapi_sdn_new_dn_byval(role);
 	if (role) {
-		rc = acllas__user_has_role(									
-								lasinfo->aclpb,	      						
-			      				roleDN, 
-			      				lasinfo->aclpb->aclpb_authorization_sdn);
+		rc = acllas__user_has_role(lasinfo->aclpb, roleDN, lasinfo->aclpb->aclpb_authorization_sdn);
 	} else {	/* The user does not have the empty role */
 		rc = ACL_FALSE;
 	}
 	slapi_sdn_free(&roleDN );
 
 	/* Some useful logging */
-	if (rc == ACL_TRUE ) {
-		slapi_log_error( SLAPI_LOG_ACL, plugin_name,
-                        "role evaluation: user '%s' does have role '%s'\n",
-                ACL_ESCAPE_STRING_WITH_PUNCTUATION (lasinfo->clientDn, ebuf),
-                        role);
-	} else {
-		slapi_log_error( SLAPI_LOG_ACL, plugin_name,
-                        "role evaluation: user '%s' does NOT have role '%s'\n",
-                ACL_ESCAPE_STRING_WITH_PUNCTUATION (lasinfo->clientDn, ebuf),
-				role);
+	if (slapi_is_loglevel_set(SLAPI_LOG_ACL)) {
+		char ebuf[BUFSIZ];
+		if (rc == ACL_TRUE ) {
+			slapi_log_error(SLAPI_LOG_ACL, plugin_name,
+			                "role evaluation: user '%s' does have role '%s'\n",
+			                ACL_ESCAPE_STRING_WITH_PUNCTUATION (lasinfo->clientDn, ebuf), role);
+		} else {
+			slapi_log_error(SLAPI_LOG_ACL, plugin_name,
+			                "role evaluation: user '%s' does NOT have role '%s'\n",
+			                ACL_ESCAPE_STRING_WITH_PUNCTUATION (lasinfo->clientDn, ebuf), role);
+		}
 	}
 	return(rc);
 }

ldap/servers/plugins/acl/aclutil.c

@@ -165,14 +165,13 @@ void
 aclutil_print_err (int rv , const Slapi_DN *sdn, const struct berval* val,
 	char **errbuf)
 {
-	char	ebuf [BUFSIZ];
+	char	ebuf[BUFSIZ];
 	/* 
 	 * The maximum size of line is ebuf_size + the log message
 	 * itself (less than 200 characters for all but potentially ACL_INVALID_TARGET)
 	 */
-	char	line [BUFSIZ + 200]; 
-	char	str  [1024];
-	const char	*dn;
+	char line[BUFSIZ + 200]; 
+	char str[1024];
 	char *lineptr = line;
 	char *newline = NULL;
 
@@ -185,68 +184,71 @@ aclutil_print_err (int rv , const Slapi_DN *sdn, const struct berval* val,
 	    str[0] = '\0';
 	}
 
-	dn = slapi_sdn_get_dn ( sdn );
-	if (dn && (rv == ACL_INVALID_TARGET) && ((strlen(dn) + strlen(str)) > BUFSIZ)) {
-		/*
-		 * if (str_length + dn_length + 200 char message) > (BUFSIZ + 200) line
-		 * we have to make space for a bigger line...
-		 */
-		newline = slapi_ch_malloc(strlen(dn) + strlen(str) + 200);
-		lineptr = newline;
-	}
-
 	switch (rv) {
 	   case ACL_TARGET_FILTER_ERR:
-		sprintf (line, "ACL Internal Error(%d): "
+		sprintf (lineptr, "ACL Internal Error(%d): "
 			 "Error in generating the target filter for the ACL(%s)\n",
 			 rv, escape_string_with_punctuation (str, ebuf));
 		break;
 	   case ACL_TARGETATTR_FILTER_ERR:
-		sprintf (line, "ACL Internal Error(%d): "
+		sprintf (lineptr, "ACL Internal Error(%d): "
 			 "Error in generating the targetattr filter for the ACL(%s)\n",
 			 rv, escape_string_with_punctuation (str, ebuf));
 		break;
 	   case ACL_TARGETFILTER_ERR:
-		sprintf (line, "ACL Internal Error(%d): "
+		sprintf (lineptr, "ACL Internal Error(%d): "
 			 "Error in generating the targetfilter filter for the ACL(%s)\n",
 			 rv, escape_string_with_punctuation (str, ebuf));
 		break;
 	   case ACL_SYNTAX_ERR:
-		sprintf (line, "ACL Syntax Error(%d):%s\n",
+		sprintf (lineptr, "ACL Syntax Error(%d):%s\n",
 			 rv, escape_string_with_punctuation (str, ebuf));
 		break;
 	   case ACL_ONEACL_TEXT_ERR:
-		sprintf (line, "ACL Syntax Error in the Bind Rules(%d):%s\n",
+		sprintf (lineptr, "ACL Syntax Error in the Bind Rules(%d):%s\n",
 			 rv, escape_string_with_punctuation (str, ebuf));
 		break;
 	   case ACL_ERR_CONCAT_HANDLES:
-		sprintf (line, "ACL Internal Error(%d): "
+		sprintf (lineptr, "ACL Internal Error(%d): "
 			 "Error in Concatenating List handles\n",
 			 rv);
 		break;
 	   case ACL_INVALID_TARGET:
+		{
+		size_t newsize;
+		const char *dn = slapi_sdn_get_dn(sdn);
+		newsize = strlen(dn) + strlen(str) + 200;
+		if (dn && (newsize > sizeof(line))) {
+			/*
+			 * if (str_length + dn_length + 200 char message) > (BUFSIZ + 200) line
+			 * we have to make space for a bigger line...
+			 */
+			newline = slapi_ch_malloc(newsize);
+			lineptr = newline;
+		}
 		sprintf (lineptr, "ACL Invalid Target Error(%d): "
 			 "Target is beyond the scope of the ACL(SCOPE:%s)",
 			 rv, dn ? escape_string_with_punctuation (dn, ebuf) : "NULL");
 		sprintf (lineptr + strlen(lineptr), " %s\n", escape_string_with_punctuation (str, ebuf));
 		break;
+		}
 	   case ACL_INVALID_AUTHMETHOD:
-		sprintf (line, "ACL Multiple auth method Error(%d):"
+		sprintf (lineptr, "ACL Multiple auth method Error(%d):"
 			 "Multiple Authentication Metod in the ACL(%s)\n",
 			 rv, escape_string_with_punctuation (str, ebuf));
 		break;
 	   case ACL_INVALID_AUTHORIZATION:
-		sprintf (line, "ACL Syntax Error(%d):"
+		sprintf (lineptr, "ACL Syntax Error(%d):"
 			 "Invalid Authorization statement in the ACL(%s)\n",
 			 rv, escape_string_with_punctuation (str, ebuf));
 		break;
 	   case ACL_INCORRECT_ACI_VERSION:
-		sprintf (line, "ACL Syntax Error(%d):"
+		sprintf (lineptr, "ACL Syntax Error(%d):"
 			 "Incorrect version Number in the ACL(%s)\n",
 			 rv, escape_string_with_punctuation (str, ebuf));
 		break;
 	   default:
-		sprintf (line, "ACL Internal Error(%d):"
+		sprintf (lineptr, "ACL Internal Error(%d):"
 			 "ACL generic error (%s)\n",
 			 rv, escape_string_with_punctuation (str, ebuf));
 		break;
@@ -254,7 +256,7 @@ aclutil_print_err (int rv , const Slapi_DN *sdn, const struct berval* val,
 
 	if (errbuf) {
 		/* If a buffer is provided, then copy the error */
-		aclutil_str_append(errbuf, lineptr );	
+		aclutil_str_append(errbuf, lineptr);	
 	}
 
 	slapi_log_error( SLAPI_LOG_FATAL, plugin_name, "%s", lineptr);

ldap/servers/plugins/replication/repl5_connection.c

@@ -2190,7 +2190,6 @@ static void
 repl5_stop_debug_timeout(Slapi_Eq_Context eqctx, int *setlevel)
 {
 	char buf[20];
-	char msg[SLAPI_DSE_RETURNTEXT_SIZE];
 
 	if (eqctx && !*setlevel) {
 		(void)slapi_eq_cancel(eqctx);
@@ -2199,7 +2198,7 @@ repl5_stop_debug_timeout(Slapi_Eq_Context eqctx, int *setlevel)
 	if (s_debug_timeout && s_debug_level && *setlevel) {
 		void config_set_errorlog_level(const char *type, char *buf, char *msg, int apply);
 		sprintf(buf, "%d", 0);
-		config_set_errorlog_level("nsslapd-errorlog-level", buf, msg, 1);
+		config_set_errorlog_level("nsslapd-errorlog-level", buf, NULL, 1);
 	}
 }
 
@@ -2209,11 +2208,10 @@ repl5_debug_timeout_callback(time_t when, void *arg)
 	int *setlevel = (int *)arg;
 	void config_set_errorlog_level(const char *type, char *buf, char *msg, int apply);
 	char buf[20];
-	char msg[SLAPI_DSE_RETURNTEXT_SIZE];
 
 	*setlevel = 1;
 	sprintf(buf, "%d", s_debug_level);
-	config_set_errorlog_level("nsslapd-errorlog-level", buf, msg, 1);
+	config_set_errorlog_level("nsslapd-errorlog-level", buf, NULL, 1);
 
 	slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, 
 		"repl5_debug_timeout_callback: set debug level to %d at %ld\n",

ldap/servers/plugins/replication/windows_connection.c

@@ -2029,7 +2029,6 @@ static void
 repl5_stop_debug_timeout(Slapi_Eq_Context eqctx, int *setlevel)
 {
 	char buf[20];
-	char msg[SLAPI_DSE_RETURNTEXT_SIZE];
 
 	LDAPDebug( LDAP_DEBUG_TRACE, "=> repl5_stop_debug_timeout\n", 0, 0, 0 );
 
@@ -2040,7 +2039,7 @@ repl5_stop_debug_timeout(Slapi_Eq_Context eqctx, int *setlevel)
 	if (s_debug_timeout && s_debug_level && *setlevel) {
 		/* No longer needed as we are including the one in slap.h */
 		sprintf(buf, "%d", 0);
-		config_set_errorlog_level("nsslapd-errorlog-level", buf, msg, 1);
+		config_set_errorlog_level("nsslapd-errorlog-level", buf, NULL, 1);
 	}
 
 	LDAPDebug( LDAP_DEBUG_TRACE, "<= repl5_stop_debug_timeout\n", 0, 0, 0 );
@@ -2052,13 +2051,12 @@ repl5_debug_timeout_callback(time_t when, void *arg)
 	int *setlevel = (int *)arg;
 	/* No longer needed as we are including the one in slap.h */
 	char buf[20];
-	char msg[SLAPI_DSE_RETURNTEXT_SIZE];
 
 	LDAPDebug( LDAP_DEBUG_TRACE, "=> repl5_debug_timeout_callback\n", 0, 0, 0 );
 
 	*setlevel = 1;
 	sprintf(buf, "%d", s_debug_level);
-	config_set_errorlog_level("nsslapd-errorlog-level", buf, msg, 1);
+	config_set_errorlog_level("nsslapd-errorlog-level", buf, NULL, 1);
 
 	slapi_log_error(SLAPI_LOG_FATAL, windows_repl_plugin_name, 
 		"repl5_debug_timeout_callback: set debug level to %d at %ld\n",

ldap/servers/plugins/retrocl/retrocl.c

@@ -189,7 +189,7 @@ static int retrocl_select_backend(void)
     Slapi_Backend *be = NULL;
     Slapi_Entry *referral = NULL;
     Slapi_Operation *op = NULL;
-    char errbuf[BUFSIZ];
+    char errbuf[SLAPI_DSE_RETURNTEXT_SIZE];
 
     pb = slapi_pblock_new();
 
@@ -204,19 +204,19 @@ static int retrocl_select_backend(void)
     slapi_pblock_set(pb,SLAPI_OPERATION, op);
 
     err = slapi_mapping_tree_select(pb,&be,&referral,errbuf);
-	slapi_entry_free(referral);
+    slapi_entry_free(referral);
 
     if (err != LDAP_SUCCESS || be == NULL || be == defbackend_get_backend()) {
-        LDAPDebug2Args(LDAP_DEBUG_TRACE,"Mapping tree select failed (%d) %s.\n",
-		  err,errbuf);
-	
-	/* could not find the backend for cn=changelog, either because
-	 * it doesn't exist
-	 * mapping tree not registered.
-	 */
-	err = retrocl_create_config();
+        slapi_log_error(SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME,
+                        "Mapping tree select failed (%d) %s.\n", err, errbuf);
+        
+        /* could not find the backend for cn=changelog, either because
+         * it doesn't exist
+         * mapping tree not registered.
+         */
+        err = retrocl_create_config();
 
-	if (err != LDAP_SUCCESS) return err;
+        if (err != LDAP_SUCCESS) return err;
     } else {
       retrocl_be_changelog = be;
     }

ldap/servers/plugins/syntaxes/string.c

@@ -196,7 +196,6 @@ string_filter_sub( Slapi_PBlock *pb, char *initial, char **any, char *final,
 	size_t		tmpbufsize;
 	char		pat[BUFSIZ];
 	char		buf[BUFSIZ];
-	char		ebuf[BUFSIZ];
 	time_t		curtime = 0;
 	time_t		time_up = 0;
 	time_t		optime = 0; /* time op was initiated */
@@ -327,9 +326,9 @@ string_filter_sub( Slapi_PBlock *pb, char *initial, char **any, char *final,
 					   pat, p, re_result?re_result:"unknown" );
 			rc = LDAP_OPERATIONS_ERROR;
 			goto bailout;
-		} else {
-			LDAPDebug( LDAP_DEBUG_TRACE, "re_comp (%s)\n",
-					   escape_string( p, ebuf ), 0, 0 );
+		} else if (slapi_is_loglevel_set(SLAPI_LOG_TRACE)) {
+			char ebuf[BUFSIZ];
+			LDAPDebug(LDAP_DEBUG_TRACE, "re_comp (%s)\n", escape_string(p, ebuf), 0, 0);
 		}
 	}
 
@@ -375,8 +374,10 @@ string_filter_sub( Slapi_PBlock *pb, char *initial, char **any, char *final,
 			tmprc = slapi_re_exec( re, realval, time_up );
 		}
 
-		LDAPDebug( LDAP_DEBUG_TRACE, "re_exec (%s) %i\n",
-				   escape_string( realval, ebuf ), tmprc, 0 );
+		if (slapi_is_loglevel_set(SLAPI_LOG_TRACE)) {
+			char ebuf[BUFSIZ];
+			LDAPDebug(LDAP_DEBUG_TRACE, "re_exec (%s) %i\n", escape_string(realval, ebuf), tmprc, 0);
+		}
 		if ( tmprc == 1 ) {
 			rc = 0;
 			break;

ldap/servers/slapd/add.c

@@ -150,9 +150,9 @@ do_add( Slapi_PBlock *pb )
 
 		normtype = slapi_attr_syntax_normalize(type);
 		if ( !normtype || !*normtype ) {
-			char ebuf[ BUFSIZ ];
+			char ebuf[SLAPI_DSE_RETURNTEXT_SIZE];
 			rc = LDAP_INVALID_SYNTAX;
-			PR_snprintf (ebuf, BUFSIZ, "invalid type '%s'", type);
+			slapi_create_errormsg(ebuf, 0, "invalid type '%s'", type);
 			op_shared_log_error_access (pb, "ADD", slapi_sdn_get_dn (slapi_entry_get_sdn_const(e)), ebuf);
 			send_ldap_result( pb, rc, NULL, ebuf, 0, NULL );
             slapi_ch_free_string(&type);
@@ -423,7 +423,7 @@ static void op_shared_add (Slapi_PBlock *pb)
 	char *pwdtype = NULL;
 	Slapi_Attr *attr = NULL;
 	Slapi_Entry *referral;
-	char errorbuf[BUFSIZ];
+	char errorbuf[SLAPI_DSE_RETURNTEXT_SIZE];
 	struct slapdplugin  *p = NULL;
 	char *proxydn = NULL;
 	char *proxystr = NULL;

ldap/servers/slapd/attr.c

@@ -942,14 +942,13 @@ attr_check_onoff ( const char *attr_name, char *value, long minval, long maxval,
 {
 	int retVal = LDAP_SUCCESS;
 
-	if ( strcasecmp ( value, "on" ) != 0 &&
-		strcasecmp ( value, "off") != 0 &&
-		strcasecmp ( value, "1" ) != 0 &&
-		strcasecmp ( value, "0" ) != 0 &&
-		strcasecmp ( value, "true" ) != 0 &&
-		strcasecmp ( value, "false" ) != 0 ) {
-			PR_snprintf ( errorbuf, BUFSIZ,
-			"%s: invalid value \"%s\".", attr_name, value );
+	if (strcasecmp ( value, "on" ) != 0 &&
+	    strcasecmp ( value, "off") != 0 &&
+	    strcasecmp ( value, "1" ) != 0 &&
+	    strcasecmp ( value, "0" ) != 0 &&
+	    strcasecmp ( value, "true" ) != 0 &&
+	    strcasecmp ( value, "false" ) != 0 ) {
+		slapi_create_errormsg(errorbuf, 0, "%s: invalid value \"%s\".", attr_name, value);
 		retVal = LDAP_CONSTRAINT_VIOLATION;
 	}
 
@@ -965,9 +964,7 @@ attr_check_minmax ( const char *attr_name, char *value, long minval, long maxval
 	val = strtol(value, NULL, 0);
 	if ( (minval != -1 ? (val < minval ? 1 : 0) : 0) ||
 		 (maxval != -1 ? (val > maxval ? 1 : 0) : 0) ) {
-		PR_snprintf ( errorbuf, BUFSIZ, 
-			"%s: invalid value \"%s\".",
-			attr_name, value );
+		slapi_create_errormsg(errorbuf, 0, "%s: invalid value \"%s\".", attr_name, value);
 		retVal = LDAP_CONSTRAINT_VIOLATION;
 	}
 

ldap/servers/slapd/back-ldbm/import-threads.c

@@ -1761,7 +1761,7 @@ upgradedn_producer(void *param)
                 if (NULL == dn_norm_sp_conflicts) {
                     char buf[BUFSIZ];
                     int my_max = 8;
-                    while (fgets(buf, BUFSIZ-1, job->upgradefd)) {
+                    while (fgets(buf, sizeof(buf)-1, job->upgradefd)) {
                         /* search "OID0: OID1 OID2 ... */
                         if (!isdigit(*buf) || (NULL == PL_strchr(buf, ':'))) {
                             continue;
@@ -3535,7 +3535,7 @@ dse_conf_backup_core(struct ldbminfo *li, char *dest_dir, char *file_name, char
         LDAPDebug(LDAP_DEBUG_TRACE, "\ndn: %s\n", 
                  slapi_entry_get_dn_const(*ep), 0, 0);
 
-        if (l <= BUFSIZ)
+        if (l <= sizeof(tmpbuf))
             tp = tmpbuf;
         else
             tp = (char *)slapi_ch_malloc(l);    /* should be very rare ... */
@@ -3547,11 +3547,11 @@ dse_conf_backup_core(struct ldbminfo *li, char *dest_dir, char *file_name, char
                 "dse_conf_backup(%s): write %s failed: %d (%s)\n",
                 filter, PR_GetError(), slapd_pr_strerror(PR_GetError()));
             rval = -1;
-            if (l > BUFSIZ)
+            if (l > sizeof(tmpbuf))
                 slapi_ch_free_string(&tp);
             goto out;
         }
-        if (l > BUFSIZ)
+        if (l > sizeof(tmpbuf))
             slapi_ch_free_string(&tp);
 
         for (slapi_entry_first_attr(*ep, &attr); attr;
@@ -3574,7 +3574,7 @@ dse_conf_backup_core(struct ldbminfo *li, char *dest_dir, char *file_name, char
                 l = strlen(attr_val->bv_val) + attr_name_len + 3; /* : \n" */
                 LDAPDebug(LDAP_DEBUG_TRACE, "%s: %s\n", attr_name,
                             attr_val->bv_val, 0);
-                if (l <= BUFSIZ)
+                if (l <= sizeof(tmpbuf))
                     tp = tmpbuf;
                 else
                     tp = (char *)slapi_ch_malloc(l);
@@ -3586,11 +3586,11 @@ dse_conf_backup_core(struct ldbminfo *li, char *dest_dir, char *file_name, char
                         "dse_conf_backup(%s): write %s failed: %d (%s)\n",
                         filter, PR_GetError(), slapd_pr_strerror(PR_GetError()));
                     rval = -1;
-                    if (l > BUFSIZ)
+                    if (l > sizeof(tmpbuf))
                         slapi_ch_free_string(&tp);
                     goto out;
                 }
-                if (l > BUFSIZ)
+                if (l > sizeof(tmpbuf))
                     slapi_ch_free_string(&tp);
             }
         }
@@ -3980,19 +3980,18 @@ _get_import_entryusn(ImportJob *job, Slapi_Value **usn_value)
             /* import_init value is not digit.
              * Use the counter which stores the old DB's
              * next entryusn. */
-            PR_snprintf(counter_buf, USN_COUNTER_BUF_LEN,
-                    "%" NSPRIu64,
-                    slapi_counter_get_value(be->be_usn_counter));
+            PR_snprintf(counter_buf, sizeof(counter_buf),
+                    "%" NSPRIu64, slapi_counter_get_value(be->be_usn_counter));
         } else {
             /* import_init value is digit.
              * Initialize the entryusn values with the digit */
-            PR_snprintf(counter_buf, USN_COUNTER_BUF_LEN, "%s", usn_init_str);
+            PR_snprintf(counter_buf, sizeof(counter_buf), "%s", usn_init_str);
         }
         slapi_ch_free_string(&usn_init_str);
     } else {
         /* nsslapd-entryusn-import-init is not defined */
          /* Initialize to 0 by default */
-        PR_snprintf(counter_buf, USN_COUNTER_BUF_LEN, "0");
+        PR_snprintf(counter_buf, sizeof(counter_buf), "0");
     }
     usn_berval.bv_val = counter_buf;
     usn_berval.bv_len = strlen(usn_berval.bv_val);

ldap/servers/slapd/back-ldbm/ldbm_config.c

@@ -73,11 +73,9 @@ int ldbm_config_add_dse_entries(struct ldbminfo *li, char **entries, char *strin
         rc = slapi_add_internal_pb(util_pb);
         slapi_pblock_get(util_pb, SLAPI_PLUGIN_INTOP_RESULT, &result);
         if (!rc && (result == LDAP_SUCCESS)) {
-            LDAPDebug(LDAP_DEBUG_CONFIG, "Added database config entry [%s]\n",
-                      ebuf, 0, 0);
+            LDAPDebug1Arg(LDAP_DEBUG_CONFIG, "Added database config entry [%s]\n", ebuf);
         } else if (result == LDAP_ALREADY_EXISTS) {
-            LDAPDebug(LDAP_DEBUG_TRACE, "Database config entry [%s] already exists - skipping\n",
-                      ebuf, 0, 0);
+            LDAPDebug1Arg(LDAP_DEBUG_TRACE, "Database config entry [%s] already exists - skipping\n", ebuf);
         } else {
             LDAPDebug(LDAP_DEBUG_ANY, "Unable to add config entry [%s] to the DSE: %d %d\n",
                       ebuf, result, rc);
@@ -294,7 +292,9 @@ static int ldbm_config_directory_set(void *arg, void *value, char *errorbuf, int
     char *val = (char *) value;
     char tmpbuf[BUFSIZ];
 
-    errorbuf[0] = '\0';
+    if (errorbuf) {
+        errorbuf[0] = '\0';
+    }
 
     if (!apply) {
         /* we should really do some error checking here. */
@@ -425,10 +425,8 @@ static int ldbm_config_dbcachesize_set(void *arg, void *value, char *errorbuf, i
         } else if (val > li->li_dbcachesize) {
             delta = val - li->li_dbcachesize;
             if (!util_is_cachesize_sane(&delta)){
-                PR_snprintf(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
-                        "Error: dbcachememsize value is too large.");
-                LDAPDebug( LDAP_DEBUG_ANY,"Error: dbcachememsize value is too large.\n",
-                        0, 0, 0);
+                slapi_create_errormsg(errorbuf, 0, "Error: dbcachememsize value is too large.");
+                LDAPDebug0Args(LDAP_DEBUG_ANY,"Error: dbcachememsize value is too large.\n");
                 return LDAP_UNWILLING_TO_PERFORM;
             }
         }
@@ -499,10 +497,8 @@ static int ldbm_config_dbncache_set(void *arg, void *value, char *errorbuf, int
         if (val > li->li_dbncache) {
             delta = val - li->li_dbncache;
             if (!util_is_cachesize_sane(&delta)){
-                PR_snprintf(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
-                        "Error: dbncache size value is too large.");
-                LDAPDebug( LDAP_DEBUG_ANY,"Error: dbncache size value is too large.\n",
-                        val, 0, 0);
+                slapi_create_errormsg(errorbuf, 0, "Error: dbncache size value is too large.");
+                LDAPDebug1Arg(LDAP_DEBUG_ANY,"Error: dbncache size value is too large.\n", val);
                 return LDAP_UNWILLING_TO_PERFORM;
             }
         }
@@ -784,7 +780,7 @@ static int ldbm_config_db_old_idl_maxids_set(void *arg, void *value, char *error
         if(val >= 0){
             li->li_old_idl_maxids = val;
         } else {
-            PR_snprintf(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
+            slapi_create_errormsg(errorbuf, 0,
         	            "Error: Invalid value for %s (%d). Value must be equal or greater than zero.",
         	            CONFIG_DB_OLD_IDL_MAXIDS, val);
             return LDAP_UNWILLING_TO_PERFORM;
@@ -848,10 +844,11 @@ static int ldbm_config_db_trickle_percentage_set(void *arg, void *value, char *e
     int val = (int) ((uintptr_t)value);
     
     if (val < 0 || val > 100) {
-        PR_snprintf(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
-                    "Error: Invalid value for %s (%d). Must be between 0 and 100\n", CONFIG_DB_TRICKLE_PERCENTAGE, val);
-        LDAPDebug(LDAP_DEBUG_ANY, "%s", errorbuf, 0, 0);
-            return LDAP_UNWILLING_TO_PERFORM;
+        slapi_create_errormsg(errorbuf, 0, "Error: Invalid value for %s (%d). Must be between 0 and 100\n",
+            CONFIG_DB_TRICKLE_PERCENTAGE, val);
+        LDAPDebug2Args(LDAP_DEBUG_ANY, "Error: Invalid value for %s (%d). Must be between 0 and 100\n",
+            CONFIG_DB_TRICKLE_PERCENTAGE, val);
+        return LDAP_UNWILLING_TO_PERFORM;
     }
     
     if (apply) {
@@ -1081,10 +1078,8 @@ static int ldbm_config_db_cache_set(void *arg, void *value, char *errorbuf, int
         if (val > li->li_dblayer_private->dblayer_cache_config) {
             delta = val - li->li_dblayer_private->dblayer_cache_config;
             if (!util_is_cachesize_sane(&delta)){
-                PR_snprintf(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
-                        "Error: db cachesize value is too large");
-                LDAPDebug( LDAP_DEBUG_ANY,"Error: db cachesize value is too large.\n",
-                        val, 0, 0);
+                slapi_create_errormsg(errorbuf, 0, "Error: db cachesize value is too large");
+                LDAPDebug1Arg(LDAP_DEBUG_ANY,"Error: db cachesize value is too large.\n", val);
                 return LDAP_UNWILLING_TO_PERFORM;
             }
         }
@@ -1214,10 +1209,8 @@ static int ldbm_config_import_cachesize_set(void *arg, void *value, char *errorb
         if (val > li->li_import_cachesize) {
             delta = val - li->li_import_cachesize;
             if (!util_is_cachesize_sane(&delta)){
-                PR_snprintf(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
-                        "Error: import cachesize value is too large.");
-                LDAPDebug( LDAP_DEBUG_ANY,"Error: import cachesize value is too large.\n",
-                        0, 0, 0);
+                slapi_create_errormsg(errorbuf, 0, "Error: import cachesize value is too large.");
+                LDAPDebug0Args(LDAP_DEBUG_ANY,"Error: import cachesize value is too large.\n");
                 return LDAP_UNWILLING_TO_PERFORM;
             }
         }
@@ -1478,17 +1471,19 @@ static int ldbm_config_db_deadlock_policy_set(void *arg, void *value, char *erro
     u_int32_t val = (u_int32_t) ((uintptr_t)value);
 
     if (val > DB_LOCK_YOUNGEST) {
-	    PR_snprintf(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
+	    slapi_create_errormsg(errorbuf, 0,
 	                "Error: Invalid value for %s (%d). Must be between %d and %d inclusive",
 	                CONFIG_DB_DEADLOCK_POLICY, val, DB_LOCK_DEFAULT, DB_LOCK_YOUNGEST);
-	    LDAPDebug1Arg(LDAP_DEBUG_ANY, "%s\n", errorbuf);
+	    LDAPDebug(LDAP_DEBUG_ANY, "Error: Invalid value for deadlock policy (%d). Must be between %d and %d inclusive",
+	                val, DB_LOCK_DEFAULT, DB_LOCK_YOUNGEST);
 	    return LDAP_UNWILLING_TO_PERFORM;
     }
     if (val == DB_LOCK_NORUN) {
-	    PR_snprintf(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
+	    slapi_create_errormsg(errorbuf, 0,
 	                "Warning: Setting value for %s to (%d) will disable deadlock detection",
 	                CONFIG_DB_DEADLOCK_POLICY, val);
-	    LDAPDebug1Arg(LDAP_DEBUG_ANY, "%s\n", errorbuf);
+	    LDAPDebug2Args(LDAP_DEBUG_ANY, "Warning: Setting value for %s to (%d) will disable deadlock detection",
+	                CONFIG_DB_DEADLOCK_POLICY, val);
     }
 
     if (apply) {
@@ -1907,15 +1902,15 @@ int ldbm_config_set(void *arg, char *attr_name, config_info *config_array, struc
     config = get_config_info(config_array, attr_name);
     if (NULL == config) {
         LDAPDebug(LDAP_DEBUG_CONFIG, "Unknown config attribute %s\n", attr_name, 0, 0);
-        PR_snprintf(err_buf, SLAPI_DSE_RETURNTEXT_SIZE, "Unknown config attribute %s\n", attr_name);
+        slapi_create_errormsg(err_buf, 0, "Unknown config attribute %s\n", attr_name);
         return LDAP_SUCCESS; /* Ignore unknown attributes */
     }
 
     /* Some config attrs can't be changed while the server is running. */
     if (phase == CONFIG_PHASE_RUNNING && 
         !(config->config_flags & CONFIG_FLAG_ALLOW_RUNNING_CHANGE)) {
-        PR_snprintf(err_buf, SLAPI_DSE_RETURNTEXT_SIZE, "%s can't be modified while the server is running.\n", attr_name);
-        LDAPDebug(LDAP_DEBUG_ANY, "%s", err_buf, 0, 0);
+        LDAPDebug1Arg(LDAP_DEBUG_ANY, "%s can't be modified while the server is running.\n", attr_name);
+        slapi_create_errormsg(err_buf, 0, "%s can't be modified while the server is running.\n", attr_name);
         return LDAP_UNWILLING_TO_PERFORM;
     }
     
@@ -1933,9 +1928,7 @@ int ldbm_config_set(void *arg, char *attr_name, config_info *config_array, struc
            previously set to a non-default value */
         if (SLAPI_IS_MOD_ADD(mod_op) && apply_mod &&
             (config->config_flags & CONFIG_FLAG_PREVIOUSLY_SET)) {
-            PR_snprintf(err_buf, SLAPI_DSE_RETURNTEXT_SIZE,
-                        "cannot add a value to single valued attribute %s.\n",
-                        attr_name);
+            slapi_create_errormsg(err_buf, 0, "cannot add a value to single valued attribute %s.\n", attr_name);
             return LDAP_OBJECT_CLASS_VIOLATION;
         }
     }
@@ -1946,9 +1939,8 @@ int ldbm_config_set(void *arg, char *attr_name, config_info *config_array, struc
         char buf[BUFSIZ];
         ldbm_config_get(arg, config, buf);
         if (PL_strncmp(buf, bval->bv_val, bval->bv_len)) {
-            PR_snprintf(err_buf, SLAPI_DSE_RETURNTEXT_SIZE,
-                        "value [%s] for attribute %s does not match existing value [%s].\n",
-                        bval->bv_val, attr_name, buf);
+            slapi_create_errormsg(err_buf, 0,
+                "value [%s] for attribute %s does not match existing value [%s].\n", bval->bv_val, attr_name, buf);
             return LDAP_NO_SUCH_ATTRIBUTE;
         }
     }
@@ -1964,21 +1956,22 @@ int ldbm_config_set(void *arg, char *attr_name, config_info *config_array, struc
         llval = db_atoi(str_val, &err);
         /* check for parsing error (e.g. not a number) */
         if (err) {
-            PR_snprintf(err_buf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: value %s for attr %s is not a number\n",
-                    str_val, attr_name);
-            LDAPDebug(LDAP_DEBUG_ANY, "%s", err_buf, 0, 0);
+            slapi_create_errormsg(err_buf, 0, "Error: value %s for attr %s is not a number\n", str_val, attr_name);
+            LDAPDebug2Args(LDAP_DEBUG_ANY, "Error: value %s for attr %s is not a number\n", str_val, attr_name);
             return LDAP_UNWILLING_TO_PERFORM;
         /* check for overflow */
         } else if (LL_CMP(llval, >, llmaxint)) {
-            PR_snprintf(err_buf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: value %s for attr %s is greater than the maximum %d\n",
+            slapi_create_errormsg(err_buf, 0, "Error: value %s for attr %s is greater than the maximum %d\n",
+                    str_val, attr_name, maxint);
+            LDAPDebug(LDAP_DEBUG_ANY, "Error: value %s for attr %s is greater than the maximum %d\n",
                     str_val, attr_name, maxint);
-            LDAPDebug(LDAP_DEBUG_ANY, "%s", err_buf, 0, 0);
             return LDAP_UNWILLING_TO_PERFORM;
         /* check for underflow */
         } else if (LL_CMP(llval, <, llminint)) {
-            PR_snprintf(err_buf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: value %s for attr %s is less than the minimum %d\n",
+            slapi_create_errormsg(err_buf, 0, "Error: value %s for attr %s is less than the minimum %d\n",
+                    str_val, attr_name, minint);
+            LDAPDebug(LDAP_DEBUG_ANY, "Error: value %s for attr %s is less than the minimum %d\n",
                     str_val, attr_name, minint);
-            LDAPDebug(LDAP_DEBUG_ANY, "%s", err_buf, 0, 0);
             return LDAP_UNWILLING_TO_PERFORM;
         }
         /* convert 64 bit value to 32 bit value */
@@ -2003,21 +1996,24 @@ int ldbm_config_set(void *arg, char *attr_name, config_info *config_array, struc
         llval = db_atoi(str_val, &err);
         /* check for parsing error (e.g. not a number) */
         if (err) {
-            PR_snprintf(err_buf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: value %s for attr %s is not a number\n",
+            slapi_create_errormsg(err_buf, 0, "Error: value %s for attr %s is not a number\n",
+                    str_val, attr_name);
+            LDAPDebug2Args(LDAP_DEBUG_ANY, "Error: value %s for attr %s is not a number\n",
                     str_val, attr_name);
-            LDAPDebug(LDAP_DEBUG_ANY, "%s", err_buf, 0, 0);
             return LDAP_UNWILLING_TO_PERFORM;
         /* check for overflow */
         } else if (LL_CMP(llval, >, llmaxint)) {
-            PR_snprintf(err_buf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: value %s for attr %s is greater than the maximum %d\n",
+            slapi_create_errormsg(err_buf, 0, "Error: value %s for attr %s is greater than the maximum %d\n",
+                    str_val, attr_name, maxint);
+            LDAPDebug(LDAP_DEBUG_ANY, "Error: value %s for attr %s is greater than the maximum %d\n",
                     str_val, attr_name, maxint);
-            LDAPDebug(LDAP_DEBUG_ANY, "%s", err_buf, 0, 0);
             return LDAP_UNWILLING_TO_PERFORM;
         /* check for underflow */
         } else if (LL_CMP(llval, <, llminint)) {
-            PR_snprintf(err_buf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: value %s for attr %s is less than the minimum %d\n",
+            slapi_create_errormsg(err_buf, 0, "Error: value %s for attr %s is less than the minimum %d\n",
+                    str_val, attr_name, minint);
+            LDAPDebug(LDAP_DEBUG_ANY, "Error: value %s for attr %s is less than the minimum %d\n",
                     str_val, attr_name, minint);
-            LDAPDebug(LDAP_DEBUG_ANY, "%s", err_buf, 0, 0);
             return LDAP_UNWILLING_TO_PERFORM;
         }
         /* convert 64 bit value to 32 bit value */
@@ -2036,15 +2032,17 @@ int ldbm_config_set(void *arg, char *attr_name, config_info *config_array, struc
 
         /* check for parsing error (e.g. not a number) */
         if (err == EINVAL) {
-            PR_snprintf(err_buf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: value %s for attr %s is not a number\n",
+            slapi_create_errormsg(err_buf, 0, "Error: value %s for attr %s is not a number\n",
+                    str_val, attr_name);
+            LDAPDebug2Args(LDAP_DEBUG_ANY, "Error: value %s for attr %s is not a number\n",
                     str_val, attr_name);
-            LDAPDebug(LDAP_DEBUG_ANY, "%s", err_buf, 0, 0);
             return LDAP_UNWILLING_TO_PERFORM;
             /* check for overflow */
         } else if (err == ERANGE) {
-            PR_snprintf(err_buf, SLAPI_DSE_RETURNTEXT_SIZE, "Error: value %s for attr %s is outside the range of representable values\n",
+            slapi_create_errormsg(err_buf, 0, "Error: value %s for attr %s is outside the range of representable values\n",
+                    str_val, attr_name);
+            LDAPDebug2Args(LDAP_DEBUG_ANY, "Error: value %s for attr %s is outside the range of representable values\n",
                     str_val, attr_name);
-            LDAPDebug(LDAP_DEBUG_ANY, "%s", err_buf, 0, 0);
             return LDAP_UNWILLING_TO_PERFORM;
         }
         retval = config->config_set_fn(arg, (void *) sz_val, err_buf, phase, apply_mod);

ldap/servers/slapd/back-ldbm/ldbm_instance_config.c

@@ -109,10 +109,8 @@ ldbm_instance_config_cachememsize_set(void *arg, void *value, char *errorbuf, in
         if (val > inst->inst_cache.c_maxsize) {
             delta = val - inst->inst_cache.c_maxsize;
             if (!util_is_cachesize_sane(&delta)){
-                PR_snprintf(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
-                        "Error: cachememsize value is too large.");
-                LDAPDebug( LDAP_DEBUG_ANY,"Error: cachememsize value is too large.\n",
-                        0, 0, 0);
+                slapi_create_errormsg(errorbuf, 0, "Error: cachememsize value is too large.");
+                LDAPDebug0Args(LDAP_DEBUG_ANY, "Error: cachememsize value is too large.\n");
                 return LDAP_UNWILLING_TO_PERFORM;
             }
         }
@@ -153,10 +151,8 @@ ldbm_instance_config_dncachememsize_set(void *arg, void *value, char *errorbuf,
         if (val > inst->inst_dncache.c_maxsize) {
             delta = val - inst->inst_dncache.c_maxsize;
             if (!util_is_cachesize_sane(&delta)){
-                PR_snprintf(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
-                        "Error: dncachememsize value is too large.");
-                LDAPDebug( LDAP_DEBUG_ANY,"Error: dncachememsize value is too large.\n",
-                        0, 0, 0);
+                slapi_create_errormsg(errorbuf, 0, "Error: dncachememsize value is too large.");
+                LDAPDebug0Args(LDAP_DEBUG_ANY,"Error: dncachememsize value is too large.\n");
                 return LDAP_UNWILLING_TO_PERFORM;
             }
         }
@@ -311,10 +307,9 @@ void
 ldbm_instance_config_setup_default(ldbm_instance *inst) 
 {
     config_info *config;
-    char err_buf[BUFSIZ];
 
     for (config = ldbm_instance_config; config->config_name != NULL; config++) {
-        ldbm_config_set((void *)inst, config->config_name, ldbm_instance_config, NULL /* use default */, err_buf, CONFIG_PHASE_INITIALIZATION, 1 /* apply */, LDAP_MOD_REPLACE);
+        ldbm_config_set((void *)inst, config->config_name, ldbm_instance_config, NULL /* use default */, NULL, CONFIG_PHASE_INITIALIZATION, 1 /* apply */, LDAP_MOD_REPLACE);
     }
 }
 
@@ -440,7 +435,7 @@ parse_ldbm_instance_config_entry(ldbm_instance *inst, Slapi_Entry *e, config_inf
         char *attr_name = NULL;
         Slapi_Value *sval = NULL;
         struct berval *bval;
-        char err_buf[BUFSIZ];
+        char err_buf[SLAPI_DSE_RETURNTEXT_SIZE];
         
         slapi_attr_get_type(attr, &attr_name);
 
@@ -833,7 +828,7 @@ out:
 void 
 ldbm_instance_config_internal_set(ldbm_instance *inst, char *attrname, char *value)
 {
-    char err_buf[BUFSIZ];
+    char err_buf[SLAPI_DSE_RETURNTEXT_SIZE];
     struct berval bval;
 
     bval.bv_val = value;

ldap/servers/slapd/bind.c

@@ -100,7 +100,7 @@ do_bind( Slapi_PBlock *pb )
     Slapi_DN *sdn = NULL;
     int bind_sdn_in_pb = 0; /* is sdn set in the pb? */
     Slapi_Entry *referral;
-    char errorbuf[BUFSIZ];
+    char errorbuf[SLAPI_DSE_RETURNTEXT_SIZE] = {0};
     char **supported, **pmech;
     char authtypebuf[256]; /* >26 (strlen(SLAPD_AUTH_SASL)+SASL_MECHNAMEMAX+1) */
     Slapi_Entry *bind_target_entry = NULL;
@@ -655,7 +655,7 @@ do_bind( Slapi_PBlock *pb )
     }
 
     /* We could be serving multiple database backends.  Select the appropriate one */
-    if (slapi_mapping_tree_select(pb, &be, &referral, errorbuf) != LDAP_SUCCESS) {
+    if (slapi_mapping_tree_select(pb, &be, &referral, NULL) != LDAP_SUCCESS) {
         send_nobackend_ldap_result( pb );
         be = NULL;
         goto free_and_return;
@@ -685,7 +685,7 @@ do_bind( Slapi_PBlock *pb )
             Slapi_DN *pb_sdn;
             slapi_pblock_get(pb, SLAPI_BIND_TARGET_SDN, &pb_sdn);
             if (!pb_sdn) {
-                PR_snprintf(errorbuf, sizeof(errorbuf), "Pre-bind plug-in set NULL dn\n");
+                slapi_create_errormsg(errorbuf, 0, "Pre-bind plug-in set NULL dn\n");
                 send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, errorbuf, 0, NULL);
                 goto free_and_return;
             } else if ((pb_sdn != sdn) || (sdn_updated = slapi_sdn_compare(original_sdn, pb_sdn))) {
@@ -696,7 +696,7 @@ do_bind( Slapi_PBlock *pb )
                 sdn = pb_sdn;
                 dn = slapi_sdn_get_dn(sdn);
                 if (!dn) {
-                    PR_snprintf(errorbuf, sizeof(errorbuf), "Pre-bind plug-in set corrupted dn\n");
+                    slapi_create_errormsg(errorbuf, 0, "Pre-bind plug-in set corrupted dn\n");
                     send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, errorbuf, 0, NULL);
                     goto free_and_return;
                 }
@@ -710,7 +710,7 @@ do_bind( Slapi_PBlock *pb )
                         slapi_be_Rlock(be);
                         slapi_pblock_set( pb, SLAPI_BACKEND, be );
                     } else {
-                        PR_snprintf(errorbuf, sizeof(errorbuf), "No matching backend for %s\n", dn);
+                        slapi_create_errormsg(errorbuf, 0, "No matching backend for %s\n", dn);
                         send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, errorbuf, 0, NULL);
                         goto free_and_return;
                     }

ldap/servers/slapd/compare.c

@@ -41,7 +41,7 @@ do_compare( Slapi_PBlock *pb )
 	int		err;
 	Slapi_DN sdn;
 	Slapi_Entry *referral = NULL;
-	char errorbuf[BUFSIZ];
+	char errorbuf[SLAPI_DSE_RETURNTEXT_SIZE];
 
 	LDAPDebug( LDAP_DEBUG_TRACE, "do_compare\n", 0, 0, 0 );
 

ldap/servers/slapd/config.c

@@ -122,7 +122,7 @@ slapd_bootstrap_config(const char *configdir)
 	int done = 0;
 	PRInt32 nr = 0;
 	PRFileDesc *prfd = 0;
-	char returntext[SLAPI_DSE_RETURNTEXT_SIZE] = "";
+	char returntext[SLAPI_DSE_RETURNTEXT_SIZE] = {0};
 	char *buf = 0;
 	char *lastp = 0;
 	char *entrystr = 0;
@@ -198,7 +198,7 @@ slapd_bootstrap_config(const char *configdir)
 			slapi_sdn_init_ndn_byref(&plug_dn, PLUGIN_BASE_DN);
 			while ((entrystr = dse_read_next_entry(buf, &lastp)) != NULL)
 			{
-				char errorbuf[BUFSIZ];
+				char errorbuf[SLAPI_DSE_RETURNTEXT_SIZE];
 				/*
 				 * XXXmcs: it would be better to also pass
 				 * SLAPI_STR2ENTRY_REMOVEDUPVALS in the flags, but

ldap/servers/slapd/daemon.c

@@ -442,7 +442,6 @@ disk_mon_check_diskspace(char **dirs, PRUint64 threshold, PRUint64 *disk_space)
 void
 disk_monitoring_thread(void *nothing)
 {
-    char errorbuf[BUFSIZ];
     char **dirs = NULL;
     char *dirstr = NULL;
     PRUint64 previous_mark = 0;
@@ -553,7 +552,7 @@ disk_monitoring_thread(void *nothing)
             /* Setting the log level back to zero, actually sets the value to LDAP_DEBUG_ANY */
             config_set_errorlog_level(CONFIG_LOGLEVEL_ATTRIBUTE,
                                       STRINGIFYDEFINE(SLAPD_DEFAULT_ERRORLOG_LEVEL),
-                                      errorbuf, CONFIG_APPLY);
+                                      NULL, CONFIG_APPLY);
             continue;
         }
         /*

ldap/servers/slapd/delete.c

@@ -225,7 +225,7 @@ static void op_shared_delete (Slapi_PBlock *pb)
 	Slapi_Operation *operation;
 	Slapi_Entry *referral;
 	Slapi_Entry	*ecopy = NULL;
-	char errorbuf[BUFSIZ];
+	char errorbuf[SLAPI_DSE_RETURNTEXT_SIZE];
 	int				err;
 	char		*proxydn = NULL;
 	char		*proxystr = NULL;

ldap/servers/slapd/detach.c

@@ -52,7 +52,6 @@ detach( int slapd_exemode, int importexport_encrypt,
 	char *workingdir = 0;
 	char *errorlog = 0;
 	char *ptr = 0;
-	char errorbuf[BUFSIZ];
 	extern char *config_get_errorlog(void);
 
 	if ( should_detach ) {
@@ -92,12 +91,12 @@ detach( int slapd_exemode, int importexport_encrypt,
 					*ptr = 0;
 				}
 				(void) chdir( errorlog );
-				config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, errorlog, errorbuf, 1);
+				config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, errorlog, NULL, 1);
 				slapi_ch_free_string(&errorlog);
 			}
 		} else {
 			/* calling config_set_workingdir to check for validity of directory, don't apply */
-			if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, workingdir, errorbuf, 0) == LDAP_OPERATIONS_ERROR) {
+			if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, workingdir, NULL, 0) == LDAP_OPERATIONS_ERROR) {
 				return 1;
 			}
 			(void) chdir( workingdir );

ldap/servers/slapd/dn.c

@@ -2804,8 +2804,6 @@ ndn_cache_init()
 void
 ndn_cache_destroy()
 {
-    char *errorbuf = NULL;
-
     if(!ndn_started){
         return;
     }
@@ -2818,11 +2816,11 @@ ndn_cache_destroy()
         ndn_cache_lock = NULL;
     }
     if(ndn_cache_hashtable){
-    	ndn_cache_free();
+        ndn_cache_free();
         PL_HashTableDestroy(ndn_cache_hashtable);
         ndn_cache_hashtable = NULL;
     }
-    config_set_ndn_cache_enabled(CONFIG_NDN_CACHE, "off", errorbuf, 1 );
+    config_set_ndn_cache_enabled(CONFIG_NDN_CACHE, "off", NULL, 1 );
     slapi_counter_destroy(&ndn_cache->cache_hits);
     slapi_counter_destroy(&ndn_cache->cache_tries);
     slapi_counter_destroy(&ndn_cache->cache_misses);

ldap/servers/slapd/log.c

@@ -310,9 +310,7 @@ log_set_logging(const char *attrname, char *value, int logtype, char *errorbuf,
 	slapdFrontendConfig_t *fe_cfg = getFrontendConfig();
 
 	if ( NULL == value ) {
-	  PR_snprintf( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
-			  "%s: NULL value; valid values "
-			  "are \"on\" or \"off\"", attrname );
+	  slapi_create_errormsg(errorbuf, 0, "%s: NULL value; valid values are \"on\" or \"off\"", attrname);
 	  return LDAP_OPERATIONS_ERROR;
 	}
 
@@ -323,12 +321,11 @@ log_set_logging(const char *attrname, char *value, int logtype, char *errorbuf,
 	  v = 0;
 	}
 	else {
-	  PR_snprintf( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
-			  "%s: invalid value \"%s\", valid values "
-			  "are \"on\" or \"off\"", attrname, value );
+	  slapi_create_errormsg(errorbuf, 0, "%s: invalid value \"%s\", valid values are \"on\" or \"off\"",
+	                        attrname, value);
 	  return LDAP_OPERATIONS_ERROR;
 	}
-			  
+
 	if ( !apply ){
 	  return LDAP_SUCCESS;
 	}
@@ -762,10 +759,9 @@ log_set_mode (const char *attrname, char *value, int logtype, char *errorbuf, in
 	slapdFrontendConfig_t *fe_cfg = getFrontendConfig();
 
 	if ( NULL == value ) {
-		PR_snprintf( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
-			  "%s: null value; valid values "
-			  "are are of the format \"yz-yz-yz-\" where y could be 'r' or '-',"
-			  " and z could be 'w' or '-'", attrname );
+		slapi_create_errormsg(errorbuf, 0,
+			    "%s: null value; valid values are are of the format \"yz-yz-yz-\" where y could be 'r' or '-',"
+			    " and z could be 'w' or '-'", attrname );
 		return LDAP_OPERATIONS_ERROR;
 	}
 
@@ -781,9 +777,9 @@ log_set_mode (const char *attrname, char *value, int logtype, char *errorbuf, in
 			if (loginfo.log_access_file &&
 				( chmod( loginfo.log_access_file, v ) != 0) ) {
 				int oserr = errno;
-				PR_snprintf( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
-					"%s: Failed to chmod access log file to %s: errno %d (%s)",
-					attrname, value, oserr, slapd_system_strerror(oserr) );
+				slapi_create_errormsg(errorbuf, 0,
+				        "%s: Failed to chmod access log file to %s: errno %d (%s)",
+				        attrname, value, oserr, slapd_system_strerror(oserr));
 				retval = LDAP_UNWILLING_TO_PERFORM;
 			} else { /* only apply the changes if no file or if successful */
 				slapi_ch_free ( (void **) &fe_cfg->accesslog_mode );
@@ -797,9 +793,9 @@ log_set_mode (const char *attrname, char *value, int logtype, char *errorbuf, in
 			if (loginfo.log_error_file &&
 				( chmod( loginfo.log_error_file, v ) != 0) ) {
 				int oserr = errno;
-				PR_snprintf( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
-					"%s: Failed to chmod error log file to %s: errno %d (%s)",
-					attrname, value, oserr, slapd_system_strerror(oserr) );
+				slapi_create_errormsg(errorbuf, 0,
+				        "%s: Failed to chmod error log file to %s: errno %d (%s)",
+				        attrname, value, oserr, slapd_system_strerror(oserr));
 				retval = LDAP_UNWILLING_TO_PERFORM;
 			} else { /* only apply the changes if no file or if successful */
 				slapi_ch_free ( (void **) &fe_cfg->errorlog_mode );
@@ -813,9 +809,9 @@ log_set_mode (const char *attrname, char *value, int logtype, char *errorbuf, in
 			if (loginfo.log_audit_file &&
 				( chmod( loginfo.log_audit_file, v ) != 0) ) {
 				int oserr = errno;
-				PR_snprintf( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
-					"%s: Failed to chmod audit log file to %s: errno %d (%s)",
-					attrname, value, oserr, slapd_system_strerror(oserr) );
+				slapi_create_errormsg(errorbuf, 0,
+				        "%s: Failed to chmod audit log file to %s: errno %d (%s)",
+				        attrname, value, oserr, slapd_system_strerror(oserr));
 				retval = LDAP_UNWILLING_TO_PERFORM;
 			} else { /* only apply the changes if no file or if successful */
 				slapi_ch_free ( (void **) &fe_cfg->auditlog_mode );
@@ -1018,9 +1014,8 @@ log_set_rotationsync_enabled(const char *attrname, char *value, int logtype, cha
 	slapdFrontendConfig_t *fe_cfg = getFrontendConfig();
 
 	if ( NULL == value ) {
-		PR_snprintf( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
-			  "%s: NULL value; valid values "
-			  "are \"on\" or \"off\"", attrname );
+		slapi_create_errormsg(errorbuf, 0,
+			  "%s: NULL value; valid values are \"on\" or \"off\"", attrname);
 		return LDAP_OPERATIONS_ERROR;
 	}
 
@@ -1031,9 +1026,8 @@ log_set_rotationsync_enabled(const char *attrname, char *value, int logtype, cha
 		v = LDAP_OFF;
 	}
 	else {
-		PR_snprintf( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
-			  "%s: invalid value \"%s\", valid values "
-			  "are \"on\" or \"off\"", attrname, value );
+		slapi_create_errormsg(errorbuf, 0,
+			  "%s: invalid value \"%s\", valid values are \"on\" or \"off\"", attrname, value);
 		return LDAP_OPERATIONS_ERROR;
 	}
 			  
@@ -1310,8 +1304,7 @@ int log_set_rotationtimeunit(const char *attrname, char *runit, int logtype, cha
        logtype != SLAPD_ERROR_LOG &&
        logtype != SLAPD_AUDIT_LOG &&
        logtype != SLAPD_AUDITFAIL_LOG ) {
-    PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
-            "%s: invalid log type: %d", attrname, logtype );
+    slapi_create_errormsg(errorbuf, 0, "%s: invalid log type: %d", attrname, logtype);
     return LDAP_OPERATIONS_ERROR;
   }
   
@@ -1322,8 +1315,7 @@ int log_set_rotationtimeunit(const char *attrname, char *runit, int logtype, cha
     (strcasecmp(runit, "minute") == 0)) {
     /* all good values */
   } else  {
-    PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
-            "%s: unknown unit \"%s\"", attrname, runit );
+    slapi_create_errormsg(errorbuf, 0, "%s: unknown unit \"%s\"", attrname, runit);
     rv = LDAP_OPERATIONS_ERROR;
   }
   
@@ -1431,8 +1423,7 @@ log_set_maxdiskspace(const char *attrname, char *maxdiskspace_str, int logtype,
         logtype != SLAPD_ERROR_LOG &&
         logtype != SLAPD_AUDIT_LOG &&
         logtype != SLAPD_AUDITFAIL_LOG ) {
-        PR_snprintf( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
-                "%s: invalid log type: %d", attrname, logtype );
+        slapi_create_errormsg(errorbuf, 0, "%s: invalid log type: %d", attrname, logtype);
         return LDAP_OPERATIONS_ERROR;
     }
 
@@ -1465,9 +1456,9 @@ log_set_maxdiskspace(const char *attrname, char *maxdiskspace_str, int logtype,
         maxdiskspace = -1;
     } else if (maxdiskspace < mlogsize) {
         rv = LDAP_OPERATIONS_ERROR;
-        PR_snprintf( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
-            "%s: \"%d (MB)\" is less than max log size \"%d (MB)\"",
-            attrname, s_maxdiskspace, (int)(mlogsize/LOG_MB_IN_BYTES) );
+        slapi_create_errormsg(errorbuf, 0,
+                "%s: \"%d (MB)\" is less than max log size \"%d (MB)\"",
+                attrname, s_maxdiskspace, (int)(mlogsize/LOG_MB_IN_BYTES));
     }
 
     switch (logtype) {
@@ -1522,8 +1513,7 @@ log_set_mindiskspace(const char *attrname, char *minfreespace_str, int logtype,
 		 logtype != SLAPD_ERROR_LOG &&
 		 logtype != SLAPD_AUDIT_LOG &&
 		 logtype != SLAPD_AUDITFAIL_LOG ) {
-	  PR_snprintf( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
-				"%s: invalid log type: %d", attrname, logtype );
+	  slapi_create_errormsg(errorbuf, 0, "%s: invalid log type: %d", attrname, logtype);
 	  rv = LDAP_OPERATIONS_ERROR;
 	}
 
@@ -1588,8 +1578,7 @@ log_set_expirationtime(const char *attrname, char *exptime_str, int logtype, cha
 		 logtype != SLAPD_ERROR_LOG &&
 		 logtype != SLAPD_AUDIT_LOG &&
 		 logtype != SLAPD_AUDITFAIL_LOG ) {
-	  PR_snprintf( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
-			"%s: invalid log type: %d", attrname, logtype );
+	  slapi_create_errormsg(errorbuf, 0, "%s: invalid log type: %d", attrname, logtype);
 	  rv = LDAP_OPERATIONS_ERROR;
 	}
 	
@@ -1695,24 +1684,21 @@ log_set_expirationtimeunit(const char *attrname, char *expunit, int logtype, cha
 	   logtype != SLAPD_ERROR_LOG &&
 	   logtype != SLAPD_AUDIT_LOG &&
 	   logtype != SLAPD_AUDITFAIL_LOG ) {
-	  PR_snprintf( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, 
-				"%s: invalid log type: %d", attrname, logtype );
+	  slapi_create_errormsg(errorbuf, 0, "%s: invalid log type: %d", attrname, logtype);
 	  return LDAP_OPERATIONS_ERROR;
 	}
 
 	if ( NULL == expunit ) {
-		PR_snprintf( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
-				"%s: NULL value", attrname );
+		slapi_create_errormsg(errorbuf, 0, "%s: NULL value", attrname);
 		return LDAP_OPERATIONS_ERROR;
 	}
 
 	if  ( (strcasecmp(expunit, "month") == 0)  || 
 		(strcasecmp(expunit, "week") == 0) ||
 		(strcasecmp(expunit, "day") == 0)) {
-		/* we have good values */	
+		/* we have good values */
 	} else  {
-		PR_snprintf( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
-				"%s: invalid time unit \"%s\"", attrname, expunit );
+		slapi_create_errormsg(errorbuf, 0, "%s: invalid time unit \"%s\"", attrname, expunit);
 		rv = LDAP_OPERATIONS_ERROR;;
 	}
 	

ldap/servers/slapd/mapping_tree.c

@@ -1600,17 +1600,16 @@ done:
                                    CONFIG_DEFAULT_NAMING_CONTEXT, rc);
                 }
                 if (LDAP_SUCCESS == rc) {
-                    char errorbuf[SLAPI_DSE_RETURNTEXT_SIZE];
+                    char errorbuf[SLAPI_DSE_RETURNTEXT_SIZE] = {0};
                     /* Removing defaultNamingContext from cn=config entry
                      * was successful.  The remove does not reset the
                      * global parameter.  We need to reset it separately. */
                     if (config_set_default_naming_context(
                                                 CONFIG_DEFAULT_NAMING_CONTEXT,
                                                 NULL, errorbuf, CONFIG_APPLY)) {
-                        LDAPDebug2Args(LDAP_DEBUG_ANY,
-                                       "mapping_tree_entry_delete_callback: "
-                                       "setting NULL to %s failed. %s\n",
-                                       CONFIG_DEFAULT_NAMING_CONTEXT, errorbuf);
+                        slapi_log_error(SLAPI_LOG_FATAL, "mapping_tree", 
+                            "mapping_tree_entry_delete_callback: setting NULL to %s failed. %s\n",
+                             CONFIG_DEFAULT_NAMING_CONTEXT, errorbuf);
                     }
                 }
             }
@@ -2128,7 +2127,7 @@ int slapi_dn_write_needs_referral(Slapi_DN *target_sdn, Slapi_Entry **referral)
  * referral is an output param that will be set to the selected referral.
  * errorbuf is a pointer to a buffer that an error string will be written to
  *    if there is an error.  The caller is responsible for passing in a big 
- *    enough chunk of memory.  BUFSIZ should be fine.  If errorbuf is NULL, 
+ *    enough chunk of memory.  SLAPI_DSE_RETURNTEXT_SIZE should be fine.  If errorbuf is NULL, 
  *    no error string is written to it.  The string returned in errorbuf
  *    would be a good candidate for sending back to the client to describe the
  *    error.
@@ -2226,10 +2225,11 @@ int slapi_mapping_tree_select(Slapi_PBlock *pb, Slapi_Backend **be, Slapi_Entry
             (op_type != SLAPI_OPERATION_BIND) && 
             (op_type != SLAPI_OPERATION_UNBIND))
         {
+            if (errorbuf) {
+                PL_strncpyz(errorbuf, slapi_config_get_readonly() ? 
+                            "Server is read-only" : "database is read-only", sizeof(errorbuf));
+            }
             ret = LDAP_UNWILLING_TO_PERFORM;
-            PL_strncpyz(errorbuf, slapi_config_get_readonly() ? 
-                    "Server is read-only" :
-                    "database is read-only", BUFSIZ);
             slapi_be_Unlock(*be);
             *be = NULL;
         }
@@ -2335,10 +2335,11 @@ int slapi_mapping_tree_select_all(Slapi_PBlock *pb, Slapi_Backend **be_list,
             if (be && !be_isdeleted(be))
             {
                 if (be_index == BE_LIST_SIZE) { /* error - too many backends */
+                    slapi_create_errormsg(errorbuf, 0,
+                            "Error: too many backends match search request - cannot proceed");
+                    slapi_log_error(SLAPI_LOG_FATAL, "mapping_tree",
+                        "Error: too many backends match search request - cannot proceed");
                     ret_code = LDAP_ADMINLIMIT_EXCEEDED;
-                    PR_snprintf(errorbuf, BUFSIZ-1,
-                                "Error: too many backends match search request - cannot proceed");
-                    slapi_log_error(SLAPI_LOG_FATAL, NULL, "%s\n", errorbuf);
                     break;
                 } else {
                     be_list[be_index++]=be;
@@ -2469,10 +2470,9 @@ int slapi_mapping_tree_select_and_check(Slapi_PBlock *pb,char *newdn, Slapi_Back
         const Slapi_DN *suffix = slapi_get_suffix_by_dn(target_sdn);
         if ((*be != def_be) && (NULL == suffix))
         {
+            slapi_create_errormsg(errorbuf, 0,
+                    "Target entry \"%s\" does not exist\n", slapi_sdn_get_dn(target_sdn));
             ret = LDAP_NO_SUCH_OBJECT;
-            PR_snprintf(errorbuf, BUFSIZ,
-                        "Target entry \"%s\" does not exist\n", 
-                        slapi_sdn_get_dn(target_sdn));
             goto unlock_and_return;
         }
         if (suffix && (0 == slapi_sdn_compare(target_sdn, suffix)))
@@ -2484,30 +2484,26 @@ int slapi_mapping_tree_select_and_check(Slapi_PBlock *pb,char *newdn, Slapi_Back
             if (!slapi_be_exist((const Slapi_DN *)&dn_newdn))
             {
                 /* new_be is an empty backend */
+                slapi_create_errormsg(errorbuf, 0, "Backend for suffix \"%s\" does not exist\n", newdn);
                 ret = LDAP_NO_SUCH_OBJECT;
-                PR_snprintf(errorbuf, BUFSIZ,
-                           "Backend for suffix \"%s\" does not exist\n", newdn);
                 goto unlock_and_return;
             }
             if (0 == slapi_sdn_compare(&dn_newdn, new_suffix))
             {
                 ret = LDAP_ALREADY_EXISTS;
-                PR_snprintf(errorbuf, BUFSIZ,
-                            "Suffix \"%s\" already exists\n", newdn);
+                slapi_create_errormsg(errorbuf, 0, "Suffix \"%s\" already exists\n", newdn);
                 goto unlock_and_return;
             }
             ret = LDAP_NAMING_VIOLATION;
-            PR_snprintf(errorbuf, BUFSIZ, "Cannot rename suffix \"%s\"\n",
-                        slapi_sdn_get_dn(target_sdn));
+            slapi_create_errormsg(errorbuf, 0, "Cannot rename suffix \"%s\"\n", slapi_sdn_get_dn(target_sdn));
             goto unlock_and_return;
         }
         else
         {
             if ((*be != new_be) || mtn_sdn_has_child(target_sdn))
             {
+                slapi_create_errormsg(errorbuf, 0, "Cannot move entries across backends\n");
                 ret = LDAP_AFFECTS_MULTIPLE_DSAS;
-                PR_snprintf(errorbuf, BUFSIZ,
-                                "Cannot move entries across backends\n");
                 goto unlock_and_return;
             }
         }
@@ -2637,11 +2633,9 @@ static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb,
     target_sdn = operation_get_target_spec (op);
 
     if (target_node->mtn_state == MTN_DISABLED) {
-        if (errorbuf) {
-            PR_snprintf(errorbuf, BUFSIZ,
+        slapi_create_errormsg(errorbuf, 0,
                 "Warning: Operation attempted on a disabled node : %s\n",
                 slapi_sdn_get_dn(target_node->mtn_subtree));
-        }
         result = LDAP_OPERATIONS_ERROR;
         return result;
     }
@@ -2773,12 +2767,8 @@ static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb,
             }
             (*index)++;
             if (NULL == target_node->mtn_referral_entry) {
-                if (errorbuf) {
-                    PR_snprintf(errorbuf, BUFSIZ,
-                    "Mapping tree node for %s is set to return a referral,"
-                        " but no referral is configured for it",
-                        slapi_sdn_get_ndn(target_node->mtn_subtree));
-                }
+                slapi_create_errormsg(errorbuf, 0, "Mapping tree node for %s is set to return a referral,"
+                        " but no referral is configured for it", slapi_sdn_get_ndn(target_node->mtn_subtree));
                 result = LDAP_OPERATIONS_ERROR;
             } else {
                 result = LDAP_SUCCESS;

ldap/servers/slapd/modify.c

@@ -219,8 +219,8 @@ do_modify( Slapi_PBlock *pb )
 		mod->mod_op = mod_op;
 		mod->mod_type = slapi_attr_syntax_normalize(type);
 		if ( !mod->mod_type || !*mod->mod_type ) {
-			char ebuf[BUFSIZ];
-			PR_snprintf (ebuf, BUFSIZ, "invalid type '%s'", type);
+			char ebuf[SLAPI_DSE_RETURNTEXT_SIZE];
+			PR_snprintf (ebuf, sizeof(ebuf), "invalid type '%s'", type);
 			op_shared_log_error_access (pb, "MOD", rawdn, ebuf);
 			send_ldap_result( pb, LDAP_INVALID_SYNTAX, NULL, ebuf, 0, NULL );
 			slapi_ch_free((void **)&type);
@@ -628,7 +628,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
 	int repl_op, internal_op, lastmod, skip_modified_attrs;
 	char *unhashed_pw_attr = NULL;
 	Slapi_Operation *operation;
-	char errorbuf[BUFSIZ];
+	char errorbuf[SLAPI_DSE_RETURNTEXT_SIZE];
 	int err;
 	LDAPMod *lc_mod = NULL;
 	struct slapdplugin  *p = NULL;
@@ -710,6 +710,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
 	 * We could be serving multiple database backends.  Select the
 	 * appropriate one.
 	 */
+	errorbuf[0] = '\0';
 	if ((err = slapi_mapping_tree_select(pb, &be, &referral, errorbuf)) != LDAP_SUCCESS) {
 		send_ldap_result(pb, err, NULL, errorbuf, 0, NULL);
 		be = NULL;

ldap/servers/slapd/modrdn.c

@@ -395,7 +395,7 @@ op_shared_rename(Slapi_PBlock *pb, int passin_args)
 	int				internal_op, repl_op, lastmod;
 	Slapi_Operation *operation;
 	Slapi_Entry *referral;
-	char errorbuf[BUFSIZ];
+	char errorbuf[SLAPI_DSE_RETURNTEXT_SIZE];
 	int			err;
 	char			*proxydn = NULL;
 	char			*proxystr = NULL;
@@ -571,6 +571,7 @@ op_shared_rename(Slapi_PBlock *pb, int passin_args)
 	 */
 	/* slapi_mapping_tree_select_and_check ignores the case of newdn
 	 * which is generated using newrdn above. */
+	errorbuf[0] = '\0';
 	if ((err = slapi_mapping_tree_select_and_check(pb, newdn, &be, &referral, errorbuf)) != LDAP_SUCCESS)
 	{
 		send_ldap_result(pb, err, NULL, errorbuf, 0, NULL);

ldap/servers/slapd/opshared.c

@@ -225,7 +225,6 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
   char            *proxystr = NULL;
   int             proxy_err = LDAP_SUCCESS;
   char            *errtext = NULL;
-  char            errorbuf[BUFSIZ];
   int             nentries,pnentries;
   int             flag_search_base_found = 0;
   int             flag_no_such_object = 0;
@@ -434,8 +433,10 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
   }
 
   if (be_name == NULL) {
+      char errorbuf[SLAPI_DSE_RETURNTEXT_SIZE];
       /* no specific backend was requested, use the mapping tree
        */
+      errorbuf[0] = '\0';
       err_code = slapi_mapping_tree_select_all(pb, be_list, referral_list, errorbuf);
       if (((err_code != LDAP_SUCCESS) && (err_code != LDAP_OPERATIONS_ERROR) && (err_code != LDAP_REFERRAL))
           || ((err_code == LDAP_OPERATIONS_ERROR) && (be_list[0] == NULL))) {

ldap/servers/slapd/pw.c

@@ -791,9 +791,9 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals,
 	char			*dn= (char*)slapi_sdn_get_ndn(sdn); /* jcm - Had to cast away const */
 	char			*pwd = NULL;
 	char			*p = NULL;
-	char			errormsg[ BUFSIZ ];
 	passwdPolicy	*pwpolicy = NULL;
 	Slapi_Operation *operation = NULL;
+	char errormsg[SLAPI_DSE_RETURNTEXT_SIZE] = {0};
 
 	/*
 	 * check_pw_syntax_ext could be called with mod_op == LDAP_MOD_DELETE.
@@ -838,11 +838,9 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals,
 			if (!is_replication && !config_get_allow_hashed_pw() && 
 				((internal_op && pb->pb_conn && !slapi_dn_isroot(pb->pb_conn->c_dn)) || 
 				(!internal_op && !pw_is_pwp_admin(pb, pwpolicy)))) {
-				PR_snprintf( errormsg, BUFSIZ,
-					"invalid password syntax - passwords with storage scheme are not allowed");
+				PR_snprintf( errormsg, sizeof(errormsg) - 1, "invalid password syntax - passwords with storage scheme are not allowed");
 				if ( pwresponse_req == 1 ) {
-					slapi_pwpolicy_make_response_control ( pb, -1, -1,
-							LDAP_PWPOLICY_INVALIDPWDSYNTAX );
+					slapi_pwpolicy_make_response_control ( pb, -1, -1, LDAP_PWPOLICY_INVALIDPWDSYNTAX );
 				}
 				pw_send_ldap_result ( pb, LDAP_CONSTRAINT_VIOLATION, NULL, errormsg, 0, NULL );
 				return( 1 );
@@ -870,8 +868,7 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals,
 			if ( pwpolicy->pw_minlength >
 				ldap_utf8characters((char *)slapi_value_get_string( vals[i] )) )
 			{
-				PR_snprintf( errormsg, BUFSIZ,
-				    "invalid password syntax - password must be at least %d characters long",
+				PR_snprintf( errormsg, sizeof(errormsg) - 1, "invalid password syntax - password must be at least %d characters long",
 				    pwpolicy->pw_minlength );
 				if ( pwresponse_req == 1 ) {
 					slapi_pwpolicy_make_response_control ( pb, -1, -1,
@@ -944,42 +941,42 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals,
 			/* check for character based syntax limits */
 			if ( pwpolicy->pw_mindigits > num_digits ) {
 				syntax_violation = 1;
-				PR_snprintf ( errormsg, BUFSIZ,
-                                    "invalid password syntax - password must contain at least %d digit characters",
-                                    pwpolicy->pw_mindigits );
+				PR_snprintf ( errormsg, sizeof(errormsg) - 1,
+				    "invalid password syntax - password must contain at least %d digit characters",
+				    pwpolicy->pw_mindigits );
 			} else if ( pwpolicy->pw_minalphas > num_alphas ) {
 				syntax_violation = 1;
-				PR_snprintf ( errormsg, BUFSIZ,
+				PR_snprintf ( errormsg, sizeof(errormsg) - 1,
 				    "invalid password syntax - password must contain at least %d alphabetic characters",
 				    pwpolicy->pw_minalphas );
 			} else if ( pwpolicy->pw_minuppers > num_uppers ) {
 				syntax_violation = 1;
-				PR_snprintf ( errormsg, BUFSIZ,
+				PR_snprintf ( errormsg, sizeof(errormsg) - 1,
 				    "invalid password syntax - password must contain at least %d uppercase characters",
 				    pwpolicy->pw_minuppers );
 			} else if ( pwpolicy->pw_minlowers > num_lowers ) {
 				syntax_violation = 1;
-				PR_snprintf ( errormsg, BUFSIZ,
+				PR_snprintf ( errormsg, sizeof(errormsg) - 1,
 				    "invalid password syntax - password must contain at least %d lowercase characters",
-					pwpolicy->pw_minlowers );
+				    pwpolicy->pw_minlowers );
 			} else if ( pwpolicy->pw_minspecials > num_specials ) {
 				syntax_violation = 1;
-				PR_snprintf ( errormsg, BUFSIZ,
+				PR_snprintf ( errormsg, sizeof(errormsg) - 1,
 				    "invalid password syntax - password must contain at least %d special characters",
 				    pwpolicy->pw_minspecials );
 			} else if ( pwpolicy->pw_min8bit > num_8bit ) {
 				syntax_violation = 1;
-				PR_snprintf ( errormsg, BUFSIZ,
+				PR_snprintf ( errormsg, sizeof(errormsg) - 1,
 				    "invalid password syntax - password must contain at least %d 8-bit characters",
 				    pwpolicy->pw_min8bit );
 			} else if ( (pwpolicy->pw_maxrepeats != 0) && (pwpolicy->pw_maxrepeats < (max_repeated + 1)) ) {
 				syntax_violation = 1;
-				PR_snprintf ( errormsg, BUFSIZ,
+				PR_snprintf ( errormsg, sizeof(errormsg) - 1,
 				    "invalid password syntax - a character cannot be repeated more than %d times",
 				    (pwpolicy->pw_maxrepeats + 1) );
 			} else if ( pwpolicy->pw_mincategories > num_categories ) {
 				syntax_violation = 1;
-				PR_snprintf ( errormsg, BUFSIZ,
+				PR_snprintf ( errormsg, sizeof(errormsg) - 1,
 				    "invalid password syntax - password must contain at least %d character "
 				    "categories (valid categories are digit, uppercase, lowercase, special, and 8-bit characters)",
 				    pwpolicy->pw_mincategories );
@@ -2179,16 +2176,14 @@ check_pw_duration_value( const char *attr_name, char *value,
 
 	age = parse_duration(value);
 	if (-1 == age) {
-		PR_snprintf ( errorbuf, BUFSIZ, 
-		              "password minimum age \"%s\" is invalid. ", value );
+		slapi_create_errormsg(errorbuf, 0, "password minimum age \"%s\" is invalid. ", value);
 		retVal = LDAP_CONSTRAINT_VIOLATION;
 	} else if (0 == strcasecmp(CONFIG_PW_LOCKDURATION_ATTRIBUTE, attr_name)) {
 		if ( (age <= 0) ||
 			 (age > (MAX_ALLOWED_TIME_IN_SECS - current_time())) ||
 			 ((-1 != minval) && (age < minval)) ||
 			 ((-1 != maxval) && (age > maxval))) {
-			PR_snprintf ( errorbuf, BUFSIZ, "%s: \"%s\" seconds is invalid. ",
-			              attr_name, value );
+			slapi_create_errormsg(errorbuf, 0, "%s: \"%s\" seconds is invalid. ", attr_name, value);
 			retVal = LDAP_CONSTRAINT_VIOLATION;
 		}
 	} else {
@@ -2196,8 +2191,7 @@ check_pw_duration_value( const char *attr_name, char *value,
 			 (age > (MAX_ALLOWED_TIME_IN_SECS - current_time())) ||
 			 ((-1 != minval) && (age < minval)) ||
 			 ((-1 != maxval) && (age > maxval))) {
-			PR_snprintf ( errorbuf, BUFSIZ, "%s: \"%s\" seconds is invalid. ",
-			              attr_name, value );
+			slapi_create_errormsg(errorbuf, 0, "%s: \"%s\" seconds is invalid. ", attr_name, value);
 			retVal = LDAP_CONSTRAINT_VIOLATION;
 		}
 	}
@@ -2214,9 +2208,7 @@ check_pw_resetfailurecount_value( const char *attr_name, char *value, long minva
 	/* in seconds */  
 	duration = strtol (value, NULL, 0);
 	if ( duration < 0 || duration > (MAX_ALLOWED_TIME_IN_SECS - current_time()) ) {
-		PR_snprintf ( errorbuf, BUFSIZ, 
-			"password reset count duration \"%s\" seconds is invalid. ",
-			value );
+		slapi_create_errormsg(errorbuf, 0, "password reset count duration \"%s\" seconds is invalid.", value);
 		retVal = LDAP_CONSTRAINT_VIOLATION;
 	}
 
@@ -2234,16 +2226,13 @@ check_pw_storagescheme_value( const char *attr_name, char *value, long minval, l
 	new_scheme = pw_name2scheme(value);
 	if ( new_scheme == NULL) {
 		if ( scheme_list != NULL ) {
-			PR_snprintf ( errorbuf, BUFSIZ,
-					"%s: invalid scheme - %s. Valid schemes are: %s",
+			slapi_create_errormsg(errorbuf, 0, "%s: invalid scheme - %s. Valid schemes are: %s",
 					CONFIG_PW_STORAGESCHEME_ATTRIBUTE, value, scheme_list );
 		} else {
-			PR_snprintf ( errorbuf, BUFSIZ,
-					"%s: invalid scheme - %s (no pwdstorage scheme"
-					" plugin loaded)",
+			slapi_create_errormsg(errorbuf, 0, "%s: invalid scheme - %s (no pwdstorage scheme plugin loaded)",
 					CONFIG_PW_STORAGESCHEME_ATTRIBUTE, value);
 		}
-	retVal = LDAP_CONSTRAINT_VIOLATION;
+		retVal = LDAP_CONSTRAINT_VIOLATION;
 	}
 	else if ( new_scheme->pws_enc == NULL )
 	{
@@ -2253,9 +2242,8 @@ check_pw_storagescheme_value( const char *attr_name, char *value, long minval, l
 		and won't encrypt passwords if they are in clear. We don't take it 
 		*/ 
 
-		if ( scheme_list != NULL ) {
-			PR_snprintf ( errorbuf, BUFSIZ, 
-				"%s: invalid encoding scheme - %s\nValid values are: %s\n",
+		if (scheme_list) {
+			slapi_create_errormsg(errorbuf, 0, "%s: invalid encoding scheme - %s\nValid values are: %s\n",
 				CONFIG_PW_STORAGESCHEME_ATTRIBUTE, value, scheme_list );
 		}
 

ldap/servers/slapd/saslbind.c

@@ -756,7 +756,6 @@ void ids_sasl_check_bind(Slapi_PBlock *pb)
     char authtype[256]; /* >26 (strlen(SLAPD_AUTH_SASL)+SASL_MECHNAMEMAX+1) */
     Slapi_Entry *bind_target_entry = NULL, *referral = NULL;
     Slapi_Backend *be = NULL;
-    char errorbuf[BUFSIZ];
 
     LDAPDebug( LDAP_DEBUG_TRACE, "=> ids_sasl_check_bind\n", 0, 0, 0 );
 
@@ -956,7 +955,7 @@ sasl_check_result:
             slapi_add_auth_response_control(pb, normdn);
         }
 
-        if (slapi_mapping_tree_select(pb, &be, &referral, errorbuf) != LDAP_SUCCESS) {
+        if (slapi_mapping_tree_select(pb, &be, &referral, NULL) != LDAP_SUCCESS) {
             send_nobackend_ldap_result( pb );
             be = NULL;
             LDAPDebug( LDAP_DEBUG_TRACE, "<= ids_sasl_check_bind\n", 0, 0, 0 );

ldap/servers/slapd/schema.c

@@ -5345,13 +5345,13 @@ init_schema_dse_ext(char *schemadir, Slapi_Backend *be,
 		if (schema_flags & DSE_SCHEMA_NO_LOAD)
 		{
 			struct asyntaxinfo *tmpasip = NULL;
-			rc = parse_at_str(attr_str, &tmpasip, errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
+			rc = parse_at_str(attr_str, &tmpasip, errorbuf, sizeof(errorbuf),
 						  DSE_SCHEMA_NO_GLOCK|schema_flags, 0, 0, 0);
 			attr_syntax_free( tmpasip );	/* trash it */
 		}
 		else
 		{
-			rc = parse_at_str(attr_str, NULL, errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
+			rc = parse_at_str(attr_str, NULL, errorbuf, sizeof(errorbuf),
 						  schema_flags, 0, 0, 0);
 		}
 		if (rc)
@@ -5918,7 +5918,7 @@ schema_create_errormsg(
 		}
 		/* ok to cast here because rc is positive */
 		if ( (rc >= 0) && ((size_t)rc < errorbufsize) ) {
-			(void)PR_vsnprintf( errorbuf + rc, errorbufsize - rc, fmt, ap );
+			(void)PR_vsnprintf( errorbuf + rc, errorbufsize - rc - 1, fmt, ap );
 		}
 		va_end( ap );
 	}
@@ -7175,7 +7175,7 @@ static struct objclass *
 schema_berval_to_oclist(struct berval **oc_berval)
 {
         struct objclass *oc, *oc_list, *oc_tail;
-        char errorbuf[BUFSIZ];
+        char errorbuf[SLAPI_DSE_RETURNTEXT_SIZE] = {0};
         int schema_ds4x_compat, rc;
         int i;
         
@@ -7185,12 +7185,11 @@ schema_berval_to_oclist(struct berval **oc_berval)
         oc_list = NULL;
         oc_tail = NULL;
         if (oc_berval != NULL) {
-                errorbuf[0] = '\0';
                 for (i = 0; oc_berval[i] != NULL; i++) {
                         /* parse the objectclass value */
                         oc = NULL;
                         if (LDAP_SUCCESS != (rc = parse_oc_str(oc_berval[i]->bv_val, &oc,
-                                errorbuf, sizeof (errorbuf), DSE_SCHEMA_NO_CHECK | DSE_SCHEMA_USE_PRIV_SCHEMA, 0,
+                                errorbuf, sizeof(errorbuf), DSE_SCHEMA_NO_CHECK | DSE_SCHEMA_USE_PRIV_SCHEMA, 0,
                                 schema_ds4x_compat, oc_list))) {
                                 slapi_log_error(SLAPI_LOG_FATAL, "schema",
                                                 "parse_oc_str returned error: %s\n",
@@ -7222,17 +7221,16 @@ static struct asyntaxinfo *
 schema_berval_to_atlist(struct berval **at_berval)
 {
     struct asyntaxinfo *at, *head = NULL, *at_list = NULL;
-    char errorbuf[BUFSIZ];
+    char errorbuf[SLAPI_DSE_RETURNTEXT_SIZE] = {0};
     int schema_ds4x_compat, rc = 0, i;
 
     schema_ds4x_compat = config_get_ds4_compatible_schema();
 
     if (at_berval != NULL) {
-        errorbuf[0] = '\0';
         for (i = 0; at_berval[i] != NULL; i++) {
             /* parse the objectclass value */
             at = NULL;
-            rc = parse_at_str(at_berval[i]->bv_val, &at, errorbuf, sizeof (errorbuf),
+            rc = parse_at_str(at_berval[i]->bv_val, &at, errorbuf, sizeof(errorbuf),
                     DSE_SCHEMA_NO_CHECK | DSE_SCHEMA_USE_PRIV_SCHEMA, 0, schema_ds4x_compat, 0);
             if (rc) {
                 slapi_log_error(SLAPI_LOG_FATAL, "schema",

ldap/servers/slapd/slapi-private.h

@@ -1359,6 +1359,15 @@ int util_info_sys_pages(size_t *pagesize, size_t *pages, size_t *procpages, size
  */
 int util_is_cachesize_sane(size_t *cachesize);
 
+/**
+ * Write an error message to the given error buffer.
+ *
+ * \param errorbuf. The buffer that the error message is written into.  If NULL, nothing happens.  It could be a static array or allocated memory.  If it is allocated memory, the next param len should be given.
+ * \param len. The length of errorbuf.  If 0 is given, sizeof(errorbuf) is used. 
+ * \param fmt. The format of the error message.
+ */
+void slapi_create_errormsg(char *errorbuf, size_t len, const char *fmt, ...);
+
 #ifdef __cplusplus
 }
 #endif

ldap/servers/slapd/ssl.c

@@ -1618,7 +1618,7 @@ slapd_ssl_init2(PRFileDesc **fd, int startTLS)
     char ** family_list;
     CERTCertificate   *cert = NULL;
     SECKEYPrivateKey  *key = NULL;
-    char errorbuf[BUFSIZ];
+    char errorbuf[SLAPI_DSE_RETURNTEXT_SIZE] = {0};
     char *val = NULL;
     char *default_val = NULL;
     int nFamilies = 0;
@@ -1650,7 +1650,6 @@ slapd_ssl_init2(PRFileDesc **fd, int startTLS)
     StdPinObj = (SVRCOREStdPinObj *)SVRCORE_GetRegisteredPinObj();
     SVRCORE_SetStdPinInteractive(StdPinObj, PR_FALSE);
 #endif
-    errorbuf[0] = '\0';
 
     /*
      * Cipher preferences must be set before any sslSocket is created

ldap/servers/slapd/util.c

@@ -1815,5 +1815,20 @@ out:
     return issane;
 }
 
+void
+slapi_create_errormsg(
+    char        *errorbuf,
+    size_t      len,
+    const char  *fmt,
+    ...
+)
+{
+    if (errorbuf) { 
+        va_list     ap;
+        va_start(ap, fmt);
+        (void)PR_vsnprintf(errorbuf, len?len-1:sizeof(errorbuf)-1, fmt, ap);
+        va_end( ap );
+    }
+}