ITS#9124 Check we have data to process in Cancel Exop

author Ondřej Kuzník <ondra@mistotebe.net>

Fri, 29 Nov 2019 10:03:24 +0000 (10:03 +0000)

committer Quanah Gibson-Mount <quanah@openldap.org>

Mon, 2 Dec 2019 16:08:22 +0000 (16:08 +0000)
author Ondřej Kuzník <ondra@mistotebe.net>
Fri, 29 Nov 2019 10:03:24 +0000 (10:03 +0000)
committer Quanah Gibson-Mount <quanah@openldap.org>
Mon, 2 Dec 2019 16:08:22 +0000 (16:08 +0000)
diff --git a/servers/slapd/cancel.c b/servers/slapd/cancel.c

index 43cb6dfbc2c93e4c14ec7ba0ba365e108e155b85..a17e0857cca36d5cf2c430f4d564053e56da76f2 100644 (file)
--- a/servers/slapd/cancel.c
+++ b/servers/slapd/cancel.c
@@ -34,7 +34,8 @@ int cancel_extop( Operation *op, SlapReply *rs )
         Operation *o;
         int rc;
         int opid;
-       BerElement *ber;
+       BerElementBuffer berbuf;
+       BerElement *ber = (BerElement *)&berbuf;
  
         assert( ber_bvcmp( &slap_EXOP_CANCEL, &op->ore_reqoid ) == 0 );
  
@@ -43,12 +44,14 @@ int cancel_extop( Operation *op, SlapReply *rs )
                 return LDAP_PROTOCOL_ERROR;
         }
  
-       ber = ber_init( op->ore_reqdata );
-       if ( ber == NULL ) {
-               rs->sr_text = "internal error";
-               return LDAP_OTHER;
+       if ( op->ore_reqdata->bv_len == 0 ) {
+               rs->sr_text = "empty request data field";
+               return LDAP_PROTOCOL_ERROR;
         }
  
+       /* ber_init2 uses reqdata directly, doesn't allocate new buffers */
+       ber_init2( ber, op->ore_reqdata, 0 );
+
         if ( ber_scanf( ber, "{i}", &opid ) == LBER_ERROR ) {
                 rs->sr_text = "message ID parse failed";
                 return LDAP_PROTOCOL_ERROR;
author	Ondřej Kuzník <ondra@mistotebe.net>
	Fri, 29 Nov 2019 10:03:24 +0000 (10:03 +0000)
committer	Quanah Gibson-Mount <quanah@openldap.org>
	Mon, 2 Dec 2019 16:08:22 +0000 (16:08 +0000)