From 336aedd43f38447e8b9868d2789cf2b083b88894 Mon Sep 17 00:00:00 2001

From: Noriko Hosoi <nhosoi@redhat.com>

Date: Thu, 20 Jun 2013 14:05:35 -0700

Subject: [PATCH 76/99] Ticket #47402 - Attribute names are incorrect in search

 results

Bug Description: Attribute list given by a client to ldapsearch

is first copied to op->o_searchattrs to respect the client input.

Then the attribute types are normalized and if the list contains

any forbidden attributes, they are removed from the list.  When

the search result is returned, the internal normalized attribute

types are replaced with the original input op->o_searchattrs,

respectively. Since forbidden attributes are in op->o_searchattrs

but not in the internal attribute list, wrong type from copy is

associated to the value and returned to the client.

Fix Description: This patch removes the forbidden attribute

before copying the original attribute list to op->o_searchattrs.

https://fedorahosted.org/389/ticket/47402

Reviewed by Nathan (Thank you!!)

(cherry picked from commit 29236cd1000f5f9391db4a39511603b8bed707f2)

---

 ldap/servers/slapd/search.c | 4 +++-

 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ldap/servers/slapd/search.c b/ldap/servers/slapd/search.c

index 7719727..1a824b2 100644

--- a/ldap/servers/slapd/search.c

+++ b/ldap/servers/slapd/search.c

@@ -329,6 +329,8 @@ do_search( Slapi_PBlock *pb )

 			gerattrs[gerattridx] = NULL;

 		}

+		/* Set attrs to SLAPI_SEARCH_ATTRS once to get rid of the forbidden attrs */

+		slapi_pblock_set( pb, SLAPI_SEARCH_ATTRS, attrs );

 		operation->o_searchattrs = cool_charray_dup( attrs );

 		for ( i = 0; attrs[i] != NULL; i++ ) {

 			char	*type;

@@ -338,7 +340,7 @@ do_search( Slapi_PBlock *pb )

 			attrs[i] = type;

 		}

 	}

-   if ( slapd_ldap_debug & LDAP_DEBUG_ARGS ) {

+	if ( slapd_ldap_debug & LDAP_DEBUG_ARGS ) {

 		char abuf[ 1024 ], *astr;

 		if ( NULL == attrs ) {

-- 

1.8.1.4