| |
@@ -7339,9 +7339,12 @@
|
| |
/* During a reset, the value is "", so we have to handle this case. */
|
| |
if (strcmp(value, "") != 0) {
|
| |
char *nval = slapi_ch_strdup(value);
|
| |
+ /* A separate variable is used because slapi_str2charray_ext can change it and nval'd become corrupted */
|
| |
+ char *tmp_array_nval;
|
| |
|
| |
/* cyrus sasl doesn't like comma separated lists */
|
| |
remove_commas(nval);
|
| |
+ tmp_array_nval = slapi_ch_strdup(nval);
|
| |
|
| |
if (invalid_sasl_mech(nval)) {
|
| |
slapi_log_err(SLAPI_LOG_ERR, "config_set_allowed_sasl_mechs",
|
| |
@@ -7350,13 +7353,15 @@
|
| |
"digits, hyphens, or underscores\n",
|
| |
nval);
|
| |
slapi_ch_free_string(&nval);
|
| |
+ slapi_ch_free_string(&tmp_array_nval);
|
| |
return LDAP_UNWILLING_TO_PERFORM;
|
| |
}
|
| |
CFG_LOCK_WRITE(slapdFrontendConfig);
|
| |
slapi_ch_free_string(&slapdFrontendConfig->allowed_sasl_mechs);
|
| |
slapi_ch_array_free(slapdFrontendConfig->allowed_sasl_mechs_array);
|
| |
slapdFrontendConfig->allowed_sasl_mechs = nval;
|
| |
- slapdFrontendConfig->allowed_sasl_mechs_array = slapi_str2charray_ext(nval, " ", 0);
|
| |
+ slapdFrontendConfig->allowed_sasl_mechs_array = slapi_str2charray_ext(tmp_array_nval, " ", 0);
|
| |
+ slapi_ch_free_string(&tmp_array_nval);
|
| |
CFG_UNLOCK_WRITE(slapdFrontendConfig);
|
| |
} else {
|
| |
/* If this value is "", we need to set the list to *all* possible mechs */
|
| |
Bug Description: Adding multiple mechanisms to nsslapd-allowed-sasl-mechanisms ignores all but one of the mechanisms specified.
Fix Description: The issue happens because we use the same memory address
for 'char ' for slapdFrontendConfig->allowed_sasl_mechs and
for slapdFrontendConfig->allowed_sasl_mechs_array.
So when we split the 'char ' into the 'char **' with ' ' delimetr,
allowed_sasl_mechs has only the first element becuase ' ' is set to 0 now.
Define a separate 'char *' for the array.
Add a test for the issue.
https://pagure.io/389-ds-base/issue/50869
Reviewed by: ?