From bdb078a7783630067326ff5c6ea6c8a7d3b96e92 Mon Sep 17 00:00:00 2001 From: Hallvard Furuseth Date: Fri, 31 Dec 2010 20:53:17 +0000 Subject: [PATCH] ITS#6758 Reset dangerous REP_ENTRY_* flags. If SlapReply.sr_un cannot contain an entry but does or soon may contain another member than sru_search: Ensure nothing will see leftover REP_ENTRY_* flags and try to clean up the "entry" there. --- servers/slapd/back-ldap/extended.c | 4 +++- servers/slapd/back-ldap/search.c | 3 +++ servers/slapd/back-meta/search.c | 3 +++ servers/slapd/result.c | 13 +++++++++++++ 4 files changed, 22 insertions(+), 1 deletion(-) diff --git a/servers/slapd/back-ldap/extended.c b/servers/slapd/back-ldap/extended.c index 57223f2f5f..4639cd39f6 100644 --- a/servers/slapd/back-ldap/extended.c +++ b/servers/slapd/back-ldap/extended.c @@ -90,6 +90,9 @@ ldap_back_extended( { int i; + RS_ASSERT( !(rs->sr_flags & REP_ENTRY_MASK) ); + rs->sr_flags &= ~REP_ENTRY_MASK; /* paranoia */ + for ( i = 0; exop_table[i].extended != NULL; i++ ) { if ( bvmatch( &exop_table[i].oid, &op->oq_extended.rs_reqoid ) ) { @@ -397,4 +400,3 @@ retry: return rc; } - diff --git a/servers/slapd/back-ldap/search.c b/servers/slapd/back-ldap/search.c index 5c0a1f96ce..4b7b3f1b5d 100644 --- a/servers/slapd/back-ldap/search.c +++ b/servers/slapd/back-ldap/search.c @@ -173,6 +173,9 @@ ldap_back_search( /* FIXME: shouldn't this be null? */ const char *save_matched = rs->sr_matched; + rs_assert_ready( rs ); + rs->sr_flags &= ~REP_ENTRY_MASK; /* paranoia, we can set rs = non-entry */ + if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) { return rs->sr_err; } diff --git a/servers/slapd/back-meta/search.c b/servers/slapd/back-meta/search.c index 37028dbac1..27127cf166 100644 --- a/servers/slapd/back-meta/search.c +++ b/servers/slapd/back-meta/search.c @@ -700,6 +700,9 @@ meta_back_search( Operation *op, SlapReply *rs ) SlapReply *candidates = NULL; int do_taint = 0; + rs_assert_ready( rs ); + rs->sr_flags &= ~REP_ENTRY_MASK; /* paranoia, we can set rs = non-entry */ + /* * controls are set in ldap_back_dobind() * diff --git a/servers/slapd/result.c b/servers/slapd/result.c index 6456bd8273..b139d217a0 100644 --- a/servers/slapd/result.c +++ b/servers/slapd/result.c @@ -728,6 +728,10 @@ send_ldap_disconnect( Operation *op, SlapReply *rs ) rs->sr_err, rs->sr_text ? rs->sr_text : "", NULL ); assert( LDAP_UNSOLICITED_ERROR( rs->sr_err ) ); + /* TODO: Flush the entry if sr_type == REP_SEARCH/REP_SEARCHREF? */ + RS_ASSERT( !(rs->sr_flags & REP_ENTRY_MASK) ); + rs->sr_flags &= ~REP_ENTRY_MASK; /* paranoia */ + rs->sr_type = REP_EXTENDED; rs->sr_rspdata = NULL; @@ -833,6 +837,9 @@ send_ldap_sasl( Operation *op, SlapReply *rs ) rs->sr_err, rs->sr_sasldata ? (long) rs->sr_sasldata->bv_len : -1, NULL ); + RS_ASSERT( !(rs->sr_flags & REP_ENTRY_MASK) ); + rs->sr_flags &= ~REP_ENTRY_MASK; /* paranoia */ + rs->sr_type = REP_SASL; rs->sr_tag = slap_req2res( op->o_tag ); rs->sr_msgid = (rs->sr_tag != LBER_SEQUENCE) ? op->o_msgid : 0; @@ -854,6 +861,9 @@ slap_send_ldap_extended( Operation *op, SlapReply *rs ) rs->sr_rspoid ? rs->sr_rspoid : "", rs->sr_rspdata != NULL ? rs->sr_rspdata->bv_len : 0 ); + RS_ASSERT( !(rs->sr_flags & REP_ENTRY_MASK) ); + rs->sr_flags &= ~REP_ENTRY_MASK; /* paranoia */ + rs->sr_type = REP_EXTENDED; rs->sr_tag = slap_req2res( op->o_tag ); rs->sr_msgid = (rs->sr_tag != LBER_SEQUENCE) ? op->o_msgid : 0; @@ -875,6 +885,9 @@ slap_send_ldap_intermediate( Operation *op, SlapReply *rs ) rs->sr_rspoid ? rs->sr_rspoid : "", rs->sr_rspdata != NULL ? rs->sr_rspdata->bv_len : 0 ); + RS_ASSERT( !(rs->sr_flags & REP_ENTRY_MASK) ); + rs->sr_flags &= ~REP_ENTRY_MASK; /* paranoia */ + rs->sr_type = REP_INTERMEDIATE; rs->sr_tag = LDAP_RES_INTERMEDIATE; rs->sr_msgid = op->o_msgid;