$OpenBSD: patch-servers_slapd_dn_c,v 1.1.1.1 2011/01/07 10:17:04 pea Exp $

SECURITY FIX

Resolves CVE-2010-0211 and CVE-2010-0212 (ITS#6570)
from upstream


--- servers/slapd/dn.c.orig	Mon Feb 11 18:24:16 2008
+++ servers/slapd/dn.c	Tue Aug  3 10:24:27 2010
@@ -352,12 +352,9 @@ LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ct
 		ava->la_attr = ad->ad_cname;
 
 		if( ava->la_flags & LDAP_AVA_BINARY ) {
-			if( ava->la_value.bv_len == 0 ) {
-				/* BER encoding is empty */
-				return LDAP_INVALID_SYNTAX;
-			}
+			/* AVA is binary encoded, not supported */
+			return LDAP_INVALID_SYNTAX;
 
-			/* AVA is binary encoded, don't muck with it */
 		} else if( flags & SLAP_LDAPDN_PRETTY ) {
 			transf = ad->ad_type->sat_syntax->ssyn_pretty;
 			if( !transf ) {
@@ -424,6 +421,10 @@ LDAPRDN_rewrite( LDAPRDN rdn, unsigned flags, void *ct
 				ber_memfree_x( ava->la_value.bv_val, ctx );
 			ava->la_value = bv;
 			ava->la_flags |= LDAP_AVA_FREE_VALUE;
+		}
+		/* reject empty values */
+		if (!ava->la_value.bv_len) {
+			return LDAP_INVALID_SYNTAX;
 		}
 	}
 	rc = LDAP_SUCCESS;