From e18764465fa2885592e1a4da4118448bb9767d5b Mon Sep 17 00:00:00 2001
From: Ryan Tandy <ryan@nardis.ca>
Date: Mon, 13 Apr 2020 11:10:47 -0700
Subject: [PATCH] ITS#9212 Restore snprintf to caller-provided buffer

76df74dbeab47195e42946a474c3a5f8557c168d removed some snprintfs to
buffers that are actually returned to the client. Restore these.
---
 servers/slapd/back-meta/init.c |   9 ++-
 servers/slapd/schema_check.c   | 116 ++++++++++++++++++++++-----------
 2 files changed, 85 insertions(+), 40 deletions(-)

diff --git a/servers/slapd/back-meta/init.c b/servers/slapd/back-meta/init.c
index 7ab6d4ef0f..713a27ac3e 100644
--- a/servers/slapd/back-meta/init.c
+++ b/servers/slapd/back-meta/init.c
@@ -194,9 +194,12 @@ meta_target_finish(
 	if ( ( mt->mt_idassert_flags & LDAP_BACK_AUTH_AUTHZ_ALL )
 		&& !( mt->mt_idassert_flags & LDAP_BACK_AUTH_PRESCRIPTIVE ) )
 	{
-		Debug(LDAP_DEBUG_ANY,
-		      "%s: inconsistent idassert configuration " "(likely authz=\"*\" used with \"non-prescriptive\" flag) (target %s)\n",
-		      log, mt->mt_uri );
+		snprintf( msg, msize,
+			"%s: inconsistent idassert configuration "
+			"(likely authz=\"*\" used with \"non-prescriptive\" flag)",
+			log );
+		Debug( LDAP_DEBUG_ANY, "%s (target %s)\n",
+			msg, mt->mt_uri );
 		return 1;
 	}
 
diff --git a/servers/slapd/schema_check.c b/servers/slapd/schema_check.c
index 3270d6a11c..23a086cdbb 100644
--- a/servers/slapd/schema_check.c
+++ b/servers/slapd/schema_check.c
@@ -112,9 +112,13 @@ entry_schema_check(
 		if( is_at_single_value( a->a_desc->ad_type ) &&
 			a->a_vals[1].bv_val != NULL )
 		{
-			Debug(LDAP_DEBUG_ANY,
-			      "Entry (%s), attribute '%s' cannot have multiple values\n",
-			      e->e_dn, type );
+			snprintf( textbuf, textlen, 
+				"attribute '%s' cannot have multiple values",
+				type );
+
+			Debug( LDAP_DEBUG_ANY,
+			    "Entry (%s), %s\n",
+			    e->e_dn, textbuf );
 
 			return LDAP_CONSTRAINT_VIOLATION;
 		}
@@ -161,18 +165,26 @@ entry_schema_check(
 
 	sc = oc_bvfind( &asc->a_vals[0] );
 	if( sc == NULL ) {
-		Debug(LDAP_DEBUG_ANY,
-		      "entry_check_schema(%s): unrecognized structuralObjectClass '%s'\n",
-		      e->e_dn, asc->a_vals[0].bv_val );
+		snprintf( textbuf, textlen, 
+			"unrecognized structuralObjectClass '%s'",
+			asc->a_vals[0].bv_val );
+
+		Debug( LDAP_DEBUG_ANY,
+			"entry_check_schema(%s): %s\n",
+			e->e_dn, textbuf );
 
 		rc = LDAP_OBJECT_CLASS_VIOLATION;
 		goto done;
 	}
 
 	if( sc->soc_kind != LDAP_SCHEMA_STRUCTURAL ) {
-		Debug(LDAP_DEBUG_ANY,
-		      "entry_check_schema(%s): structuralObjectClass '%s' is not STRUCTURAL\n",
-		      e->e_dn, asc->a_vals[0].bv_val );
+		snprintf( textbuf, textlen, 
+			"structuralObjectClass '%s' is not STRUCTURAL",
+			asc->a_vals[0].bv_val );
+
+		Debug( LDAP_DEBUG_ANY,
+			"entry_check_schema(%s): %s\n",
+			e->e_dn, textbuf );
 
 		rc = LDAP_OTHER;
 		goto done;
@@ -180,9 +192,13 @@ entry_schema_check(
 
 got_soc:
 	if( !manage && sc->soc_obsolete ) {
-		Debug(LDAP_DEBUG_ANY,
-		      "entry_check_schema(%s): structuralObjectClass '%s' is OBSOLETE\n",
-		      e->e_dn, asc->a_vals[0].bv_val );
+		snprintf( textbuf, textlen, 
+			"structuralObjectClass '%s' is OBSOLETE",
+			asc->a_vals[0].bv_val );
+
+		Debug( LDAP_DEBUG_ANY,
+			"entry_check_schema(%s): %s\n",
+			e->e_dn, textbuf );
 
 		rc = LDAP_OBJECT_CLASS_VIOLATION;
 		goto done;
@@ -240,9 +256,13 @@ got_soc:
 	/* check that the entry has required attrs of the content rule */
 	if( cr ) {
 		if( !manage && cr->scr_obsolete ) {
-			Debug(LDAP_DEBUG_ANY,
-			      "Entry (%s): content rule '%s' is obsolete\n",
-			      e->e_dn, ldap_contentrule2name(&cr->scr_crule) );
+			snprintf( textbuf, textlen, 
+				"content rule '%s' is obsolete",
+				ldap_contentrule2name( &cr->scr_crule ));
+
+			Debug( LDAP_DEBUG_ANY,
+				"Entry (%s): %s\n",
+				e->e_dn, textbuf );
 
 			rc = LDAP_OBJECT_CLASS_VIOLATION;
 			goto done;
@@ -259,11 +279,14 @@ got_soc:
 
 			/* not there => schema violation */
 			if ( a == NULL ) {
-				Debug(LDAP_DEBUG_ANY,
-				      "Entry (%s): content rule '%s' requires attribute '%s'\n",
-				      e->e_dn,
-				      ldap_contentrule2name(&cr->scr_crule),
-				      at->sat_cname.bv_val );
+				snprintf( textbuf, textlen, 
+					"content rule '%s' requires attribute '%s'",
+					ldap_contentrule2name( &cr->scr_crule ),
+					at->sat_cname.bv_val );
+
+				Debug( LDAP_DEBUG_ANY,
+					"Entry (%s): %s\n",
+					e->e_dn, textbuf );
 
 				rc = LDAP_OBJECT_CLASS_VIOLATION;
 				goto done;
@@ -281,11 +304,14 @@ got_soc:
 
 			/* there => schema violation */
 			if ( a != NULL ) {
-				Debug(LDAP_DEBUG_ANY,
-				      "Entry (%s): content rule '%s' precluded attribute '%s'\n",
-				      e->e_dn,
-				      ldap_contentrule2name(&cr->scr_crule),
-				      at->sat_cname.bv_val );
+				snprintf( textbuf, textlen, 
+					"content rule '%s' precluded attribute '%s'",
+					ldap_contentrule2name( &cr->scr_crule ),
+					at->sat_cname.bv_val );
+
+				Debug( LDAP_DEBUG_ANY,
+					"Entry (%s): %s\n",
+					e->e_dn, textbuf );
 
 				rc = LDAP_OBJECT_CLASS_VIOLATION;
 				goto done;
@@ -298,9 +324,13 @@ got_soc:
 		oc = socs[i];
 		if ( !manage && oc->soc_obsolete ) {
 			/* disallow obsolete classes */
-			Debug(LDAP_DEBUG_ANY,
-			      "entry_check_schema(%s): objectClass '%s' is OBSOLETE\n",
-			      e->e_dn, aoc->a_vals[i].bv_val );
+			snprintf( textbuf, textlen, 
+				"objectClass '%s' is OBSOLETE",
+				aoc->a_vals[i].bv_val );
+
+			Debug( LDAP_DEBUG_ANY,
+				"entry_check_schema(%s): %s\n",
+				e->e_dn, textbuf );
 
 			rc = LDAP_OBJECT_CLASS_VIOLATION;
 			goto done;
@@ -341,9 +371,13 @@ got_soc:
 				}
 
 				if( xc != NULL ) {
-					Debug(LDAP_DEBUG_ANY,
-					      "entry_check_schema(%s): instantiation of " "abstract objectClass '%s' not allowed\n",
-					      e->e_dn, aoc->a_vals[i].bv_val );
+					snprintf( textbuf, textlen, "instantiation of "
+						"abstract objectClass '%s' not allowed",
+						aoc->a_vals[i].bv_val );
+
+					Debug( LDAP_DEBUG_ANY,
+						"entry_check_schema(%s): %s\n",
+						e->e_dn, textbuf );
 
 					rc = LDAP_OBJECT_CLASS_VIOLATION;
 					goto done;
@@ -395,9 +429,13 @@ got_soc:
 
 			s = oc_check_required( e, oc, &aoc->a_vals[i] );
 			if (s != NULL) {
-				Debug(LDAP_DEBUG_ANY,
-				      "Entry (%s): object class '%s' requires attribute '%s'\n",
-				      e->e_dn, aoc->a_vals[i].bv_val, s );
+				snprintf( textbuf, textlen, 
+					"object class '%s' requires attribute '%s'",
+					aoc->a_vals[i].bv_val, s );
+
+				Debug( LDAP_DEBUG_ANY,
+					"Entry (%s): %s\n",
+					e->e_dn, textbuf );
 
 				rc = LDAP_OBJECT_CLASS_VIOLATION;
 				goto done;
@@ -445,9 +483,13 @@ got_soc:
 		if ( rc != LDAP_SUCCESS ) {
 			char *type = a->a_desc->ad_cname.bv_val;
 
-			Debug(LDAP_DEBUG_ANY,
-			      "Entry (%s), attribute '%s' not allowed\n",
-			      e->e_dn, type );
+			snprintf( textbuf, textlen, 
+				"attribute '%s' not allowed",
+				type );
+
+			Debug( LDAP_DEBUG_ANY,
+			    "Entry (%s), %s\n",
+			    e->e_dn, textbuf );
 
 			goto done;
 		}