From 29236cd1000f5f9391db4a39511603b8bed707f2 Mon Sep 17 00:00:00 2001 From: Noriko Hosoi Date: Jun 20 2013 21:50:37 +0000 Subject: Ticket #47402 - Attribute names are incorrect in search results Bug Description: Attribute list given by a client to ldapsearch is first copied to op->o_searchattrs to respect the client input. Then the attribute types are normalized and if the list contains any forbidden attributes, they are removed from the list. When the search result is returned, the internal normalized attribute types are replaced with the original input op->o_searchattrs, respectively. Since forbidden attributes are in op->o_searchattrs but not in the internal attribute list, wrong type from copy is associated to the value and returned to the client. Fix Description: This patch removes the forbidden attribute before copying the original attribute list to op->o_searchattrs. https://fedorahosted.org/389/ticket/47402 Reviewed by Nathan (Thank you!!) --- diff --git a/ldap/servers/slapd/search.c b/ldap/servers/slapd/search.c index 7719727..1a824b2 100644 --- a/ldap/servers/slapd/search.c +++ b/ldap/servers/slapd/search.c @@ -329,6 +329,8 @@ do_search( Slapi_PBlock *pb ) gerattrs[gerattridx] = NULL; } + /* Set attrs to SLAPI_SEARCH_ATTRS once to get rid of the forbidden attrs */ + slapi_pblock_set( pb, SLAPI_SEARCH_ATTRS, attrs ); operation->o_searchattrs = cool_charray_dup( attrs ); for ( i = 0; attrs[i] != NULL; i++ ) { char *type; @@ -338,7 +340,7 @@ do_search( Slapi_PBlock *pb ) attrs[i] = type; } } - if ( slapd_ldap_debug & LDAP_DEBUG_ARGS ) { + if ( slapd_ldap_debug & LDAP_DEBUG_ARGS ) { char abuf[ 1024 ], *astr; if ( NULL == attrs ) {