fix ITS#3140

servers/slapd/acl.c

@@ -72,7 +72,8 @@ static struct berval
 	aci_bv_group_class 	= BER_BVC(SLAPD_GROUP_CLASS),
 	aci_bv_group_attr 	= BER_BVC(SLAPD_GROUP_ATTR),
 	aci_bv_role_class	= BER_BVC(SLAPD_ROLE_CLASS),
-	aci_bv_role_attr	= BER_BVC(SLAPD_ROLE_ATTR);
+	aci_bv_role_attr	= BER_BVC(SLAPD_ROLE_ATTR),
+	aci_bv_set_attr		= BER_BVC(SLAPD_ACI_SET_ATTR);
 
 
 static AccessControl * acl_get(
@@ -1745,8 +1746,7 @@ aci_get_part(
 	char *p;
 
 	if (bv) {
-		bv->bv_len = 0;
+		BER_BVZERO( bv );
-		bv->bv_val = NULL;
 	}
 	len = list->bv_len;
 	p = list->bv_val;
@@ -1808,9 +1808,12 @@ aci_match_set (
 	struct berval	set = BER_BVNULL;
 	int		rc = 0;
 	AciSetCookie	cookie;
+	Operation	op2 = *op;
+
+	op2.o_conn = NULL;
 
 	if (setref == 0) {
-		ber_dupbv_x( &set, subj, op->o_tmpmemctx );
+		ber_dupbv_x( &set, subj, op2.o_tmpmemctx );
 	} else {
 		struct berval		subjdn, ndn = BER_BVNULL;
 		struct berval		setat;
@@ -1819,49 +1822,45 @@ aci_match_set (
 		AttributeDescription	*desc = NULL;
 
 		/* format of string is "entry/setAttrName" */
-		if (aci_get_part(subj, 0, '/', &subjdn) < 0) {
+		if ( aci_get_part( subj, 0, '/', &subjdn ) < 0 ) {
 			return(0);
 		}
 
-		if ( aci_get_part(subj, 1, '/', &setat) < 0 ) {
+		if ( aci_get_part( subj, 1, '/', &setat ) < 0 ) {
-			setat.bv_val = SLAPD_ACI_SET_ATTR;
+			setat = aci_bv_set_attr;
-			setat.bv_len = sizeof(SLAPD_ACI_SET_ATTR)-1;
 		}
 
-		if ( setat.bv_val != NULL ) {
 		/*
 		 * NOTE: dnNormalize honors the ber_len field
 		 * as the length of the dn to be normalized
 		 */
-			if ( dnNormalize(0, NULL, NULL, &subjdn, &ndn, op->o_tmpmemctx) == LDAP_SUCCESS
+		if ( slap_bv2ad( &setat, &desc, &text ) == LDAP_SUCCESS ) {
-				&& slap_bv2ad(&setat, &desc, &text) == LDAP_SUCCESS )
+			if ( dnNormalize( 0, NULL, NULL, &subjdn, &ndn, op2.o_tmpmemctx ) == LDAP_SUCCESS )
 			{
-				backend_attribute(op, e,
+				backend_attribute( &op2, e, &ndn, desc, &bvals );
-					&ndn, desc, &bvals);
+				if ( bvals != NULL && !BER_BVISNULL( &bvals[0] ) ) {
-				if ( bvals != NULL ) {
-					if ( bvals[0].bv_val != NULL ) {
 					int	i;
+
 					set = bvals[0];
-						bvals[0].bv_val = NULL;
+					BER_BVZERO( &bvals[0] );
-						for (i=1;bvals[i].bv_val;i++);
+					for ( i = 1; !BER_BVISNULL( &bvals[i] ); i++ );
 					bvals[0].bv_val = bvals[i-1].bv_val;
-						bvals[i-1].bv_val = NULL;
+					BER_BVZERO( &bvals[i-1] );
 				}
-					ber_bvarray_free_x(bvals, op->o_tmpmemctx);
+				ber_bvarray_free_x( bvals, op2.o_tmpmemctx );
+				slap_sl_free( ndn.bv_val, op2.o_tmpmemctx );
 			}
 		}
-			if (ndn.bv_val)
-				free(ndn.bv_val);
-		}
 	}
 
-	if (set.bv_val != NULL) {
+	if ( !BER_BVISNULL( &set ) ) {
-		cookie.op = op;
+		cookie.op = &op2;
 		cookie.e = e;
-		rc = (slap_set_filter(aci_set_gather, (SetCookie *)&cookie, &set,
+		rc = ( slap_set_filter( aci_set_gather, (SetCookie *)&cookie, &set,
-			&op->o_ndn, &e->e_nname, NULL) > 0);
+			&op2.o_ndn, &e->e_nname, NULL ) > 0 );
-		slap_sl_free(set.bv_val, op->o_tmpmemctx);
+		slap_sl_free( set.bv_val, op2.o_tmpmemctx );
 	}
+
 	return(rc);
 }
 

servers/slapd/aclparse.c

@@ -143,7 +143,7 @@ check_scope( BackendDB *be, AccessControl *a )
 
 	dn = be->be_nsuffix[ 0 ];
 
-	if ( a->acl_dn_pat.bv_len || ( a->acl_dn_style != ACL_STYLE_REGEX ) ) {
+	if ( a->acl_dn_pat.bv_len || a->acl_dn_style != ACL_STYLE_REGEX ) {
 		slap_style_t	style = a->acl_dn_style;
 
 		if ( style == ACL_STYLE_REGEX ) {