ITS#9014 fix component match parsing errors

diff --git a/servers/slapd/component.c b/servers/slapd/component.c
index 0995f1b6e44c1b1401a4326f67adb8fb0b9cad8d..f00085c8edf6a27b43456abd58b15121521d892b 100644 (file)
--- a/servers/slapd/component.c
+++ b/servers/slapd/component.c
@@ -347,7 +347,7 @@ get_comp_filter( Operation* op, struct berval* bv,
                return rc;
        }
        rc = parse_comp_filter( op, &cav, filt, text );
-       bv->bv_val = cav.cav_ptr;
+       /* bv->bv_val = cav.cav_ptr; */
 
        return rc;
 }
@@ -1067,7 +1067,7 @@ parse_comp_filter( Operation* op, ComponentAssertionValue* cav,
         */
 
        ber_tag_t       tag;
-       int             err;
+       int             err = LDAP_SUCCESS;
        ComponentFilter f;
        /* TAG : item, and, or, not in RFC 4515 */
        tag = strip_cav_tag( cav );
@@ -1077,10 +1077,11 @@ parse_comp_filter( Operation* op, ComponentAssertionValue* cav,
                return LDAP_PROTOCOL_ERROR;
        }
 
-       if ( tag != LDAP_COMP_FILTER_NOT )
-               strip_cav_str( cav, "{");
-
-       err = LDAP_SUCCESS;
+       if ( tag != LDAP_COMP_FILTER_NOT ) {
+               err = strip_cav_str( cav, "{");
+               if ( err )
+                       goto invalid;
+       }
 
        f.cf_next = NULL;
        f.cf_choice = tag; 
@@ -1154,13 +1155,14 @@ parse_comp_filter( Operation* op, ComponentAssertionValue* cav,
                break;
        }
 
+invalid:
        if ( err != LDAP_SUCCESS && err != SLAPD_DISCONNECT ) {
                *text = "Component Filter Syntax Error";
                return err;
        }
 
        if ( tag != LDAP_COMP_FILTER_NOT )
-               strip_cav_str( cav, "}");
+               err = strip_cav_str( cav, "}");
 
        if ( err == LDAP_SUCCESS ) {
                if ( op ) {

diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
index da477ad3da18ab7561389107c96e182060574b9d..d7856f6de8e8fe02c2aa89541da1fba4a6c0800c 100644 (file)
--- a/servers/slapd/schema_init.c
+++ b/servers/slapd/schema_init.c
@@ -327,6 +327,9 @@ certificateValidate( Syntax *syntax, struct berval *in )
        ber_len_t len;
        ber_int_t version = SLAP_X509_V1;
 
+       if ( BER_BVISNULL( in ) || BER_BVISEMPTY( in ))
+               return LDAP_INVALID_SYNTAX;
+
        ber_init2( ber, in, LBER_USE_DER );
        tag = ber_skip_tag( ber, &len );        /* Signed wrapper */
        if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;