From 5ab989b8c743f9f825b9cfa3f49069e9b2bcf60a Mon Sep 17 00:00:00 2001
From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Wed, 28 May 2008 18:23:34 +0000
Subject: [PATCH] ITS#5403

---
 CHANGES                  | 1 +
 servers/slapd/syncrepl.c | 7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index e9a0cbdcd4..2a8e3c4d3b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -8,6 +8,7 @@ OpenLDAP 2.4.10 Engineering
 	Fixed slapd missing termination of integerFilter keys (ITS#5503)
 	Fixed slapd multiple attrs in URI (ITS#5516)
 	Fixed slapd socket assert (ITS#5489)
+	Fixed slapd sasl_ssf retrieval (ITS#5403)
 	Fixed slapd-bdb/hdb MAXPATHLEN (ITS#5531)
 	Fixed slapd-bdb indexing in single ADD/MOD (ITS#5521)
 	Fixed slapd-ldap entry_get() op-dependent behavior (ITS#5513)
diff --git a/servers/slapd/syncrepl.c b/servers/slapd/syncrepl.c
index d833e969af..0428dfb3ba 100644
--- a/servers/slapd/syncrepl.c
+++ b/servers/slapd/syncrepl.c
@@ -568,7 +568,12 @@ do_syncrep1(
 		op->o_tls_ssf = ldap_pvt_tls_get_strength( ssl );
 	}
 #endif /* HAVE_TLS */
-	ldap_get_option( si->si_ld, LDAP_OPT_X_SASL_SSF, &op->o_sasl_ssf );
+	{
+		ber_len_t ssf; /* ITS#5403, 3864 LDAP_OPT_X_SASL_SSF probably ought
+						  to use sasl_ssf_t but currently uses ber_len_t */
+		ldap_get_option( si->si_ld, LDAP_OPT_X_SASL_SSF, &ssf );
+		op->o_sasl_ssf = ssf;
+	}
 	op->o_ssf = ( op->o_sasl_ssf > op->o_tls_ssf )
 		?  op->o_sasl_ssf : op->o_tls_ssf;
 
-- 
GitLab