ITS#6758 Reset dangerous REP_ENTRY_* flags.

If SlapReply.sr_un cannot contain an entry but does or soon may
contain another member than sru_search: Ensure nothing will see
leftover REP_ENTRY_* flags and try to clean up the "entry" there.

servers/slapd/back-ldap/extended.c

@@ -90,6 +90,9 @@ ldap_back_extended(
 {
 	int	i;
 
+	RS_ASSERT( !(rs->sr_flags & REP_ENTRY_MASK) );
+	rs->sr_flags &= ~REP_ENTRY_MASK;	/* paranoia */
+
 	for ( i = 0; exop_table[i].extended != NULL; i++ ) {
 		if ( bvmatch( &exop_table[i].oid, &op->oq_extended.rs_reqoid ) )
 		{
@@ -397,4 +400,3 @@ retry:
 
 	return rc;
 }
-

servers/slapd/back-ldap/search.c

@@ -173,6 +173,9 @@ ldap_back_search(
 	/* FIXME: shouldn't this be null? */
 	const char	*save_matched = rs->sr_matched;
 
+	rs_assert_ready( rs );
+	rs->sr_flags &= ~REP_ENTRY_MASK; /* paranoia, we can set rs = non-entry */
+
 	if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
 		return rs->sr_err;
 	}

servers/slapd/back-meta/search.c

@@ -700,6 +700,9 @@ meta_back_search( Operation *op, SlapReply *rs )
 	SlapReply	*candidates = NULL;
 	int		do_taint = 0;
 
+	rs_assert_ready( rs );
+	rs->sr_flags &= ~REP_ENTRY_MASK; /* paranoia, we can set rs = non-entry */
+
 	/*
 	 * controls are set in ldap_back_dobind()
 	 * 

servers/slapd/result.c

@@ -728,6 +728,10 @@ send_ldap_disconnect( Operation	*op, SlapReply *rs )
 		rs->sr_err, rs->sr_text ? rs->sr_text : "", NULL );
 	assert( LDAP_UNSOLICITED_ERROR( rs->sr_err ) );
 
+	/* TODO: Flush the entry if sr_type == REP_SEARCH/REP_SEARCHREF? */
+	RS_ASSERT( !(rs->sr_flags & REP_ENTRY_MASK) );
+	rs->sr_flags &= ~REP_ENTRY_MASK;	/* paranoia */
+
 	rs->sr_type = REP_EXTENDED;
 	rs->sr_rspdata = NULL;
 
@@ -833,6 +837,9 @@ send_ldap_sasl( Operation *op, SlapReply *rs )
 		rs->sr_err,
 		rs->sr_sasldata ? (long) rs->sr_sasldata->bv_len : -1, NULL );
 
+	RS_ASSERT( !(rs->sr_flags & REP_ENTRY_MASK) );
+	rs->sr_flags &= ~REP_ENTRY_MASK;	/* paranoia */
+
 	rs->sr_type = REP_SASL;
 	rs->sr_tag = slap_req2res( op->o_tag );
 	rs->sr_msgid = (rs->sr_tag != LBER_SEQUENCE) ? op->o_msgid : 0;
@@ -854,6 +861,9 @@ slap_send_ldap_extended( Operation *op, SlapReply *rs )
 		rs->sr_rspoid ? rs->sr_rspoid : "",
 		rs->sr_rspdata != NULL ? rs->sr_rspdata->bv_len : 0 );
 
+	RS_ASSERT( !(rs->sr_flags & REP_ENTRY_MASK) );
+	rs->sr_flags &= ~REP_ENTRY_MASK;	/* paranoia */
+
 	rs->sr_type = REP_EXTENDED;
 	rs->sr_tag = slap_req2res( op->o_tag );
 	rs->sr_msgid = (rs->sr_tag != LBER_SEQUENCE) ? op->o_msgid : 0;
@@ -875,6 +885,9 @@ slap_send_ldap_intermediate( Operation *op, SlapReply *rs )
 		rs->sr_rspoid ? rs->sr_rspoid : "",
 		rs->sr_rspdata != NULL ? rs->sr_rspdata->bv_len : 0 );
 
+	RS_ASSERT( !(rs->sr_flags & REP_ENTRY_MASK) );
+	rs->sr_flags &= ~REP_ENTRY_MASK;	/* paranoia */
+
 	rs->sr_type = REP_INTERMEDIATE;
 	rs->sr_tag = LDAP_RES_INTERMEDIATE;
 	rs->sr_msgid = op->o_msgid;