andykimpe / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 months ago
Clone
Blob Blame History Raw
From 55e961338810d89a6f45f31f27b3fd609535b1da Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Wed, 19 Sep 2018 09:26:59 -0400
Subject: [PATCH] Bug 1624004 - fix regression in empty attribute list

https://bugzilla.redhat.com/show_bug.cgi?id=1624004
---
 ldap/servers/slapd/search.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/ldap/servers/slapd/search.c b/ldap/servers/slapd/search.c
index dc26fc4d2..7e253f535 100644
--- a/ldap/servers/slapd/search.c
+++ b/ldap/servers/slapd/search.c
@@ -210,6 +210,7 @@ do_search(Slapi_PBlock *pb)
         char *normaci = slapi_attr_syntax_normalize("aci");
         int replace_aci = 0;
         int attr_count = 0;
+        int empty_attrs = 0;
         if (!normaci) {
             normaci = slapi_ch_strdup("aci");
         } else if (strcasecmp(normaci, "aci")) {
@@ -226,10 +227,13 @@ do_search(Slapi_PBlock *pb)
             attr_count++;
 
             if ( attrs[i][0] == '\0') {
-                log_search_access(pb, base, scope, fstr, "invalid attribute request");
-                send_ldap_result(pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0, NULL);
-                slapi_ch_free_string(&normaci);
-                goto free_and_return;
+                empty_attrs++;
+                if (empty_attrs > 1) {
+                    log_search_access(pb, base, scope, fstr, "invalid attribute request");
+                    send_ldap_result(pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0, NULL);
+                    slapi_ch_free_string(&normaci);
+                    goto free_and_return;
+                }
             }
 
             /* check if @<objectclass> is included */
-- 
2.17.1