From e24c33670acaf038ca6c10c36190bee14c828151 Mon Sep 17 00:00:00 2001
From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Tue, 24 Nov 2009 03:56:59 +0000
Subject: [PATCH] ITS#6400

---
 CHANGES                            |  1 +
 servers/slapd/overlays/accesslog.c | 11 ++++++-----
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/CHANGES b/CHANGES
index 1b8724bab8..431e152b57 100644
--- a/CHANGES
+++ b/CHANGES
@@ -32,6 +32,7 @@ OpenLDAP 2.4.20 Engineering
 	Fixed slapd-bdb/hdb entry cache (ITS#6360)
 	Fixed slapd-ldap leak (ITS#6326)
 	Fixed slapd-relay bind segfault (ITS#6337)
+	Fixed slapo-accesslog ensure CSNs are normalized (ITS#6400)
 	Fixed slapo-memberof operational attr updates (ITS#6329)
 	Fixed slapo-pcache entry dupe (ITS#6310)
 	Fixed slapo-syncprov checkpoint conversion (ITS#6370)
diff --git a/servers/slapd/overlays/accesslog.c b/servers/slapd/overlays/accesslog.c
index 967d56fd18..1757a93097 100644
--- a/servers/slapd/overlays/accesslog.c
+++ b/servers/slapd/overlays/accesslog.c
@@ -580,11 +580,12 @@ log_old_lookup( Operation *op, SlapReply *rs )
 	a = attr_find( rs->sr_entry->e_attrs,
 		slap_schema.si_ad_entryCSN );
 	if ( a ) {
-		ber_len_t len = a->a_vals[0].bv_len;
-		if ( len > pd->csn.bv_len )
-			len = pd->csn.bv_len;
-		if ( memcmp( a->a_vals[0].bv_val, pd->csn.bv_val, len ) > 0 ) {
-			AC_MEMCPY( pd->csn.bv_val, a->a_vals[0].bv_val, len );
+		ber_len_t len = a->a_nvals[0].bv_len;
+		/* Paranoid len check, normalized CSNs are always the same length */
+		if ( len > LDAP_PVT_CSNSTR_BUFSIZE )
+			len = LDAP_PVT_CSNSTR_BUFSIZE;
+		if ( memcmp( a->a_nvals[0].bv_val, pd->csn.bv_val, len ) > 0 ) {
+			AC_MEMCPY( pd->csn.bv_val, a->a_nvals[0].bv_val, len );
 			pd->csn.bv_len = len;
 		}
 	}
-- 
GitLab