Implement better DN checking... make sure attribute type is

an OID or a proper type string (letter followed by 0 or more
alnum/-).

servers/slapd/dn.c

@@ -13,12 +13,13 @@
 
 #define B4LEADTYPE		0
 #define B4TYPE			1
-#define INTYPE			2
-#define B4EQUAL			3
-#define B4VALUE			4
-#define INVALUE			5
-#define INQUOTEDVALUE	6
-#define B4SEPARATOR		7
+#define INOIDTYPE		2
+#define INKEYTYPE		3
+#define B4EQUAL			4
+#define B4VALUE			5
+#define INVALUE			6
+#define INQUOTEDVALUE	7
+#define B4SEPARATOR		8
 
 /*
  * dn_normalize - put dn into a canonical format.  the dn is
@@ -37,21 +38,47 @@ dn_normalize( char *dn )
 		switch ( state ) {
 		case B4LEADTYPE:
 		case B4TYPE:
-			if ( ! SPACE( *s ) ) {
-				state = INTYPE;
+			if ( LEADOIDCHAR(*s) ) {
+				state = INOIDTYPE;
+				*d++ = *s;
+			} else if ( LEADKEYCHAR(*s) ) {
+				state = INKEYTYPE;
+				*d++ = *s;
+			} else if ( ! SPACE( *s ) ) {
+				dn = NULL;
+				state = INKEYTYPE;
 				*d++ = *s;
 			}
 			break;
-		case INTYPE:
-			if ( *s == '=' ) {
+
+		case INOIDTYPE:
+			if ( OIDCHAR(*s) ) {
+				*d++ = *s;
+			} else if ( *s == '=' ) {
 				state = B4VALUE;
 				*d++ = *s;
 			} else if ( SPACE( *s ) ) {
 				state = B4EQUAL;
 			} else {
+				dn = NULL;
 				*d++ = *s;
 			}
 			break;
+
+		case INKEYTYPE:
+			if ( KEYCHAR(*s) ) {
+				*d++ = *s;
+			} else if ( *s == '=' ) {
+				state = B4VALUE;
+				*d++ = *s;
+			} else if ( SPACE( *s ) ) {
+				state = B4EQUAL;
+			} else {
+				dn = NULL;
+				*d++ = *s;
+			}
+			break;
+
 		case B4EQUAL:
 			if ( *s == '=' ) {
 				state = B4VALUE;
@@ -62,6 +89,7 @@ dn_normalize( char *dn )
 				dn = NULL;
 			}
 			break;
+
 		case B4VALUE:
 			if ( *s == '"' ) {
 				state = INQUOTEDVALUE;
@@ -71,6 +99,7 @@ dn_normalize( char *dn )
 				*d++ = *s;
 			}
 			break;
+
 		case INVALUE:
 			if ( !gotesc && SEPARATOR( *s ) ) {
 				while ( SPACE( *(d - 1) ) )
@@ -89,6 +118,7 @@ dn_normalize( char *dn )
 				*d++ = *s;
 			}
 			break;
+
 		case INQUOTEDVALUE:
 			if ( !gotesc && *s == '"' ) {
 				state = B4SEPARATOR;

servers/slapd/modrdn.c

@@ -194,7 +194,7 @@ do_modrdn(
 	if( newSuperior != NULL ) {
 		newSuperior_be = select_backend( nnewSuperior );
 
-		if ( newSuperior != be ) {
+		if ( newSuperior_be != be ) {
 			/* newSuperior is in same backend */
 			rc = LDAP_AFFECTS_MULTIPLE_DSAS;
 

servers/slapd/slap.h

@@ -56,9 +56,25 @@ LDAP_BEGIN_DECL
 
 #define MAXREMATCHES 10
 
+/* XXYYZ: these macros assume 'x' is an ASCII x */
 #define DNSEPARATOR(c)	((c) == ',' || (c) == ';')
 #define SEPARATOR(c)	((c) == ',' || (c) == ';' || (c) == '+')
 #define SPACE(c)	((c) == ' ' || (c) == '\n')
+
+#define ASCII_LOWER(c)	( (c) >= 'a' && (c) <= 'z' )
+#define ASCII_UPPER(c)	( (c) >= 'A' && (c) <= 'Z' )
+#define ASCII_ALPHA(c)	( ASCII_LOWER(c) || ASCII_UPPER(c) )
+#define ASCII_DIGIT(c)	( (c) >= '0' && (c) <= '9' )
+#define ASCII_ALNUM(c)	( ASCII_ALPHA(c) || ASCII_DIGIT(c) )
+
+#define LEADKEYCHAR(c)	( ASCII_ALPHA(c) )
+#define KEYCHAR(c)	( ASCII_ALNUM(c) || (c) == '-' )
+#define LEADOIDCHAR(c)	( ASCII_DIGIT(c) )
+#define OIDCHAR(c)	( ASCII_DIGIT(c) || (c) == '.' )
+
+#define LEADATTRCHAR(c)	( LEADKEYCHAR(c) || LEADOIDCHAR(c) )
+#define ATTRCHAR(c)	( KEYCHAR((c)) || (c) == '.' )
+
 #define NEEDSESCAPE(c)	((c) == '\\' || (c) == '"')
 
 #define SLAP_SCHERR_OUTOFMEM		1