From: claudio Date: Mon, 20 Dec 2021 13:26:11 +0000 (+0000) Subject: When removing the last value from an attribute in ldap_del_values() X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=5387241f8527ff37ae50356167c4e1c0a1937311;p=openbsd When removing the last value from an attribute in ldap_del_values() the actuall attribute needs to removed instead of leaving back an empty attribute. Empty attributes are not valid and fail later on in ldap_modify(). By calling ldap_del_attribute() in this case properly removes the attribute and with that validate_entry() no longer fails later on. OK jmatthew@ --- diff --git a/usr.sbin/ldapd/attributes.c b/usr.sbin/ldapd/attributes.c index 2ed3a8b4fb7..7c50ecf04ae 100644 --- a/usr.sbin/ldapd/attributes.c +++ b/usr.sbin/ldapd/attributes.c @@ -1,4 +1,4 @@ -/* $OpenBSD: attributes.c,v 1.6 2019/10/24 12:39:26 tb Exp $ */ +/* $OpenBSD: attributes.c,v 1.7 2021/12/20 13:26:11 claudio Exp $ */ /* * Copyright (c) 2009 Martin Hedenfalk @@ -181,7 +181,7 @@ ldap_del_attribute(struct ber_element *entry, const char *attrdesc) attr = entry->be_sub; while (attr) { - if (ober_scanf_elements(attr, "{s(", &s) != 0) { + if (ober_scanf_elements(attr, "{s", &s) != 0) { log_warnx("failed to parse attribute"); return -1; } @@ -241,6 +241,9 @@ ldap_del_values(struct ber_element *elm, struct ber_element *vals) } } + if (old_vals->be_sub == NULL) + return 1; + return 0; } diff --git a/usr.sbin/ldapd/modify.c b/usr.sbin/ldapd/modify.c index d2961063926..629bfb59df2 100644 --- a/usr.sbin/ldapd/modify.c +++ b/usr.sbin/ldapd/modify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: modify.c,v 1.23 2019/10/24 12:39:26 tb Exp $ */ +/* $OpenBSD: modify.c,v 1.24 2021/12/20 13:26:11 claudio Exp $ */ /* * Copyright (c) 2009, 2010 Martin Hedenfalk @@ -334,7 +334,8 @@ ldap_modify(struct request *req) */ if (vals->be_sub && vals->be_sub->be_type == BER_TYPE_OCTETSTRING) { - ldap_del_values(a, vals); + if (ldap_del_values(a, vals) == 1) + ldap_del_attribute(entry, attr); } else { ldap_del_attribute(entry, attr); }