From 203d4f1892fd6be9c0b89231ae87a73cff190842 Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga <kurt@openldap.org>
Date: Sat, 23 Mar 2002 23:18:42 +0000
Subject: [PATCH] ACL fixes from devel

---
 servers/slapd/acl.c        | 12 ++++++++++--
 servers/slapd/str2filter.c |  2 +-
 tests/data/slapd-acl.conf  |  7 +++++++
 3 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c
index 968cd85785..c08c2a2eea 100644
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -555,7 +555,7 @@ acl_mask(
 			}
 		}
 
-		if ( b->a_dn_at != NULL && op->o_ndn != NULL ) {
+		if ( b->a_dn_at != NULL ) {
 			Attribute	*at;
 			struct berval	bv;
 			int rc, match = 0;
@@ -564,6 +564,10 @@ acl_mask(
 
 			assert( attr != NULL );
 
+			if( op->o_ndn == NULL || op->o_ndn[0] == '\0' ) {
+				continue;
+			}
+
 			Debug( LDAP_DEBUG_ACL, "<= check a_dn_at: %s\n",
 				attr, 0, 0);
 			bv.bv_val = op->o_ndn;
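Review bot: The guard added ahead of the `<= check a_dn_at` trace has no comment saying why a NULL or empty `op->o_ndn` must `continue` past the whole `by` clause, and the same uncommented guard is repeated in the `a_group_pat` hunk below. Under the old condition a NULL `o_ndn` only bypassed the dnattr test, so the rest of the clause (outside this hunk) was presumably still evaluated for an unauthenticated client; that intent is worth recording at both sites, e.g. `/* anonymous can never match dnattr/group: skip this <who> clause */`. The skip is also silent at `LDAP_DEBUG_ACL`, so a line such as `Debug( LDAP_DEBUG_ACL, "<= check a_dn_at: anonymous, skipped\n", 0, 0, 0 );` before the `continue` would make the decision visible in ACL traces. The enclosing loop in acl_mask starts and ends outside the hunk.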
@@ -621,9 +625,13 @@ acl_mask(
 			}
 		}
 
-		if ( b->a_group_pat != NULL && op->o_ndn != NULL ) {
+		if ( b->a_group_pat != NULL ) {
 			char buf[1024];
 
+			if( op->o_ndn == NULL || op->o_ndn[0] == '\0' ) {
+				continue;
+			}
+
 			/* b->a_group is an unexpanded entry name, expanded it should be an 
 			 * entry with objectclass group* and we test to see if odn is one of
 			 * the values in the attribute group
diff --git a/servers/slapd/str2filter.c b/servers/slapd/str2filter.c
index 0e6f7c426d..e01ce3f3f4 100644
--- a/servers/slapd/str2filter.c
+++ b/servers/slapd/str2filter.c
@@ -247,7 +247,7 @@ str2subvals( const char *in, Filter *f )
 	val = freeme = ch_strdup( in );
 	gotstar = 0;
 
-	while ( *val ) {
+	while ( val && *val ) {
 		if ( (nextstar = ldap_pvt_find_wildcard( val )) != NULL )
 			*nextstar++ = '\0';
 
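Review bot: The new `val &&` test in the loop head has no comment saying which path leaves `val` NULL, and nothing visible in the hunk does so: `val` is assigned from `ch_strdup( in )` just above, and any reassignment happens in the loop body outside the hunk. If the intent is that `val` takes `nextstar` at the bottom of the loop and becomes NULL after the last component (the `filter=(mail=*edu)` ACL added to the test config suggests a pattern with no trailing wildcard), say so with `/* val is NULL once the final component has been consumed */`. If it is instead meant to guard a failed `ch_strdup`, an explicit check right after the allocation would be clearer than re-testing on every iteration.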
diff --git a/tests/data/slapd-acl.conf b/tests/data/slapd-acl.conf
index 8c2cf15025..5070d6b2d1 100644
--- a/tests/data/slapd-acl.conf
+++ b/tests/data/slapd-acl.conf
@@ -49,9 +49,16 @@ access		to attr=member
 		by dnattr=member selfwrite
 		by * read
 
+access		to attr=member filter=(mail=*edu)
+		by * read
+
 access		to filter="objectclass=groupofnames"
 		by dn.base="cn=Bjorn Jensen, ou=Information Technology Division, ou=People, o=University of Michigan,c=US" =sc continue
 		by dn="^cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=University of Michigan,c=US$" +rw stop
 		by * break
 
+	
+
 # fall into global ACLs
+
+
-- 
GitLab