From 55e961338810d89a6f45f31f27b3fd609535b1da Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Wed, 19 Sep 2018 09:26:59 -0400
Subject: [PATCH] Bug 1624004 - fix regression in empty attribute list
https://bugzilla.redhat.com/show_bug.cgi?id=1624004
---
ldap/servers/slapd/search.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/ldap/servers/slapd/search.c b/ldap/servers/slapd/search.c
index dc26fc4d2..7e253f535 100644
--- a/ldap/servers/slapd/search.c
+++ b/ldap/servers/slapd/search.c
@@ -210,6 +210,7 @@ do_search(Slapi_PBlock *pb)
char *normaci = slapi_attr_syntax_normalize("aci");
int replace_aci = 0;
int attr_count = 0;
+ int empty_attrs = 0;
if (!normaci) {
normaci = slapi_ch_strdup("aci");
} else if (strcasecmp(normaci, "aci")) {
@@ -226,10 +227,13 @@ do_search(Slapi_PBlock *pb)
attr_count++;
if ( attrs[i][0] == '\0') {
- log_search_access(pb, base, scope, fstr, "invalid attribute request");
- send_ldap_result(pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0, NULL);
- slapi_ch_free_string(&normaci);
- goto free_and_return;
+ empty_attrs++;
+ if (empty_attrs > 1) {
+ log_search_access(pb, base, scope, fstr, "invalid attribute request");
+ send_ldap_result(pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0, NULL);
+ slapi_ch_free_string(&normaci);
+ goto free_and_return;
+ }
}
/* check if @<objectclass> is included */
--
2.17.1