From 796ea09d9a2f2497936de62e69363f80eef0cc21 Mon Sep 17 00:00:00 2001
From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Thu, 10 Jun 2010 19:48:06 +0000
Subject: [PATCH] ITS#6570

---
 CHANGES                     |  1 +
 servers/slapd/dn.c          | 11 ++++++-----
 servers/slapd/modrdn.c      |  9 ++++++++-
 servers/slapd/schema_init.c |  3 ++-
 4 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/CHANGES b/CHANGES
index 09f3306bea..0c064721c1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,7 @@ OpenLDAP 2.4.23 Engineering
 	Fixed libldap memleaks (ITS#6568)
 	Fixed liblutil off-by-one with delta (ITS#6541)
 	Fixed slapd syncrepl rid logging (ITS#6533)
+	Fixed slapd modrdn handling of invalid values (ITS#6570)
 	Fixed slapd-bdb hasSubordinates computation (ITS#6549)
 	Fixed slapo-ppolicy to use Debug (ITS#6566)
 	Fixed slapo-rwm to use Debug (ITS#6566)
diff --git a/servers/slapd/dn.c b/servers/slapd/dn.c
index e898942501..6383a7b2bf 100644
--- a/servers/slapd/dn.c
+++ b/servers/slapd/dn.c
@@ -302,16 +302,13 @@ LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ctx )
 		ava->la_attr = ad->ad_cname;
 
 		if( ava->la_flags & LDAP_AVA_BINARY ) {
-			if( ava->la_value.bv_len == 0 ) {
-				/* BER encoding is empty */
-				return LDAP_INVALID_SYNTAX;
-			}
+			/* AVA is binary encoded, not supported */
+			return LDAP_INVALID_SYNTAX;
 
 			/* Do not allow X-ORDERED 'VALUES' naming attributes */
 		} else if( ad->ad_type->sat_flags & SLAP_AT_ORDERED_VAL ) {
 			return LDAP_INVALID_SYNTAX;
 
-			/* AVA is binary encoded, don't muck with it */
 		} else if( flags & SLAP_LDAPDN_PRETTY ) {
 			transf = ad->ad_type->sat_syntax->ssyn_pretty;
 			if( !transf ) {
@@ -379,6 +376,10 @@ LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ctx )
 			ava->la_value = bv;
 			ava->la_flags |= LDAP_AVA_FREE_VALUE;
 		}
+		/* reject empty values */
+		if (!ava->la_value.bv_len) {
+			return LDAP_INVALID_SYNTAX;
+		}
 	}
 	rc = LDAP_SUCCESS;
 
diff --git a/servers/slapd/modrdn.c b/servers/slapd/modrdn.c
index b4f85f7e55..e2e4bf00ce 100644
--- a/servers/slapd/modrdn.c
+++ b/servers/slapd/modrdn.c
@@ -445,12 +445,19 @@ slap_modrdn2mods(
 		mod_tmp->sml_values[1].bv_val = NULL;
 		if( desc->ad_type->sat_equality->smr_normalize) {
 			mod_tmp->sml_nvalues = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) );
-			(void) (*desc->ad_type->sat_equality->smr_normalize)(
+			rs->sr_err = desc->ad_type->sat_equality->smr_normalize(
 				SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
 				desc->ad_type->sat_syntax,
 				desc->ad_type->sat_equality,
 				&mod_tmp->sml_values[0],
 				&mod_tmp->sml_nvalues[0], NULL );
+			if (rs->sr_err != LDAP_SUCCESS) {
+				ch_free(mod_tmp->sml_nvalues);
+				ch_free(mod_tmp->sml_values[0].bv_val);
+				ch_free(mod_tmp->sml_values);
+				ch_free(mod_tmp);
+				goto done;
+			}
 			mod_tmp->sml_nvalues[1].bv_val = NULL;
 		} else {
 			mod_tmp->sml_nvalues = NULL;
diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
index dc7fb9c583..82ff09d06d 100644
--- a/servers/slapd/schema_init.c
+++ b/servers/slapd/schema_init.c
@@ -1735,8 +1735,9 @@ UTF8StringNormalize(
 		? LDAP_UTF8_APPROX : 0;
 
 	val = UTF8bvnormalize( val, &tmp, flags, ctx );
+	/* out of memory or syntax error, the former is unlikely */
 	if( val == NULL ) {
-		return LDAP_OTHER;
+		return LDAP_INVALID_SYNTAX;
 	}
 	
 	/* collapse spaces (in place) */
-- 
GitLab