From: Howard Chu <hyc@openldap.org>
Date: Wed, 28 Oct 2020 16:50:23 +0000 (+0000)
Subject: ITS#9379 reject listener URLs with non-empty DNs
X-Git-Tag: OPENLDAP_REL_ENG_2_4_56~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c72c327830e06e87324f6051babe62ca8098bfc2;p=thirdparty%2Fopenldap.git

ITS#9379 reject listener URLs with non-empty DNs
---

diff --git a/servers/slapd/daemon.c b/servers/slapd/daemon.c
index acc8fbadbe..449f2bb542 100644
--- a/servers/slapd/daemon.c
+++ b/servers/slapd/daemon.c
@@ -1423,6 +1423,14 @@ slap_open_listener(
 	}
 #endif /* LDAP_PF_LOCAL || SLAP_X_LISTENER_MOD */
 
+	if ( lud->lud_dn && lud->lud_dn[0] ) {
+		sprintf( (char *)url, "%s://%s/", lud->lud_scheme, lud->lud_host );
+		Debug( LDAP_DEBUG_ANY, "daemon: listener URL %s<junk> DN must be absent (%s)\n",
+			url, lud->lud_dn );
+		ldap_free_urldesc( lud );
+		return -1;
+	}
+
 	ldap_free_urldesc( lud );
 	if ( err ) {
 		slap_free_listener_addresses(sal);