From: Ondřej Kuzník <ondra@mistotebe.net>
Date: Thu, 9 Dec 2021 12:01:36 +0000 (+0000)
Subject: ITS#9768 Enforce single name per olcTranslucentLocal/olcTranslucentRemote value
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d8331e1b81d59467558c888ce7731bb7f520d43b;p=thirdparty%2Fopenldap.git

ITS#9768 Enforce single name per olcTranslucentLocal/olcTranslucentRemote value
---

diff --git a/servers/slapd/overlays/translucent.c b/servers/slapd/overlays/translucent.c
index 654142548b..16dd1f9465 100644
--- a/servers/slapd/overlays/translucent.c
+++ b/servers/slapd/overlays/translucent.c
@@ -218,10 +218,21 @@ translucent_cf_gen( ConfigArgs *c )
 		}
 		return 0;
 	}
+
+	/* cn=config values could be deleted later, make sure we only allow one
+	 * name per value for valx to match. */
+	if ( c->op != SLAP_CONFIG_ADD && strchr( c->argv[1], ',' ) ) {
+		snprintf( c->cr_msg, sizeof( c->cr_msg ),
+			"%s: Please provide attribute names in separate values",
+			c->argv[0] );
+		goto fail;
+	}
+
 	a2 = str2anlist( *an, c->argv[1], "," );
 	if ( !a2 ) {
 		snprintf( c->cr_msg, sizeof( c->cr_msg ), "%s unable to parse attribute %s",
 			c->argv[0], c->argv[1] );
+fail:
 		Debug( LDAP_DEBUG_CONFIG|LDAP_DEBUG_NONE,
 			"%s: %s\n", c->log, c->cr_msg );
 		return ARG_BAD_CONF;