From 3b68aa6f5e07564e7aa4da9325662b37bf72b642 Mon Sep 17 00:00:00 2001 From: Nathan Kinder Date: Dec 09 2010 16:42:31 +0000 Subject: Bug 661792 - Valid managed entry config rejected The attribute mapping parsing code in the managed entries plug-in can access the wrong memory when trying to parse the post-macro portion of a mapping value when no post string exists. When the macro is at the end of the mapping value, we were setting post_str to an empty constant string. The code that later parses post_str expects post_str to be contained within the actual mapping value string. This is not the case when we have set post_str to point to a constant emptry string, so we end up parsing through memory that we shouldn't. The fix is to set post_str to NULL when there is no post string. We can then skip post string parsing when post_str is not set. --- diff --git a/ldap/servers/plugins/mep/mep.c b/ldap/servers/plugins/mep/mep.c index df4821a..7eeaaff 100644 --- a/ldap/servers/plugins/mep/mep.c +++ b/ldap/servers/plugins/mep/mep.c @@ -1387,9 +1387,8 @@ mep_parse_mapped_attr(char *mapping, Slapi_Entry *origin, * to be a part of the map type. */ if (IS_ATTRDESC_CHAR(*p)) { map_type = strndup(var_start, p - var_start + 1); - /* There is no post string, so - * set it to be empty. */ - post_str = ""; + /* There is no post string. */ + post_str = NULL; } else { map_type = strndup(var_start, p - var_start); post_str = p; @@ -1409,7 +1408,7 @@ mep_parse_mapped_attr(char *mapping, Slapi_Entry *origin, } /* Process the post string to remove any escapes. */ - for (p = post_str; p <= end; p++) { + for (p = post_str; p && (p <= end); p++) { if (*p == '$') { if ((p == end) || (*(p+1) != '$')) { slapi_log_error( SLAPI_LOG_FATAL, MEP_PLUGIN_SUBSYSTEM, @@ -1449,7 +1448,7 @@ mep_parse_mapped_attr(char *mapping, Slapi_Entry *origin, if (map_val) { /* Create the new mapped value. */ *value = slapi_ch_smprintf("%s%s%s", pre_str, - map_val, post_str); + map_val, post_str ? post_str : ""); if (freeit) { slapi_ch_free_string(&map_val); }