ITS#9640 ACL: fix buffer overflow

author Ondřej Kuzník <ondra@mistotebe.net>

Fri, 24 Apr 2026 12:00:36 +0000 (13:00 +0100)

committer Quanah Gibson-Mount <quanah@openldap.org>

Tue, 28 Apr 2026 17:33:10 +0000 (17:33 +0000)
author Ondřej Kuzník <ondra@mistotebe.net>
Fri, 24 Apr 2026 12:00:36 +0000 (13:00 +0100)
committer Quanah Gibson-Mount <quanah@openldap.org>
Tue, 28 Apr 2026 17:33:10 +0000 (17:33 +0000)
diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c

index 4f8d1c815534fbf270fff5ba5fc7413dcd3638ac..bf93e7dd3ef9bcdaf5c8e6d18df429f302dac9fb 100644 (file)
--- a/servers/slapd/aclparse.c
+++ b/servers/slapd/aclparse.c
@@ -1997,17 +1997,21 @@ accessmask2str( slap_mask_t mask, char *buf, int debug )
                 none = 0;
                 *ptr++ = 'w';
  
-       } else if ( ACL_PRIV_ISSET(mask, ACL_PRIV_WADD) ) {
-               none = 0;
-               *ptr++ = 'a';
+       } else {
+               if ( ACL_PRIV_ISSET(mask, ACL_PRIV_WADD) ) {
+                       none = 0;
+                       *ptr++ = 'a';
  
-       } else if ( ACL_PRIV_ISSET(mask, ACL_PRIV_WDEL) ) {
-               none = 0;
-               *ptr++ = 'z';
+               }
+               if ( ACL_PRIV_ISSET(mask, ACL_PRIV_WDEL) ) {
+                       none = 0;
+                       *ptr++ = 'z';
  
-       } else if ( ACL_PRIV_ISSET(mask, ACL_PRIV_WINCR) ) {
-               none = 0;
-               *ptr++ = 'i';
+               }
+               if ( ACL_PRIV_ISSET(mask, ACL_PRIV_WINCR) ) {
+                       none = 0;
+                       *ptr++ = 'i';
+               }
         }
  
         if ( ACL_PRIV_ISSET(mask, ACL_PRIV_READ) ) {
diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h

index 52d9c87b049636bbe01551815ac40fdceec35c45..41a36904dc25f12a275f4000f0b7cd8400e276ca 100644 (file)
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@@ -105,7 +105,7 @@ LDAP_SLAPD_F (int) parse_acl LDAP_P(( struct config_args_s *ca, int pos ));
  LDAP_SLAPD_F (char *) access2str LDAP_P(( slap_access_t access ));
  LDAP_SLAPD_F (slap_access_t) str2access LDAP_P(( const char *str ));
  
-#define ACCESSMASK_MAXLEN      sizeof("unknown (+wrscan)")
+#define ACCESSMASK_MAXLEN      sizeof("unknown (+mazirscxd)")
  LDAP_SLAPD_F (char *) accessmask2str LDAP_P(( slap_mask_t mask, char*, int debug ));
  LDAP_SLAPD_F (slap_mask_t) str2accessmask LDAP_P(( const char *str ));
  LDAP_SLAPD_F (void) acl_unparse LDAP_P(( AccessControl*, struct berval* ));
author	Ondřej Kuzník <ondra@mistotebe.net>
	Fri, 24 Apr 2026 12:00:36 +0000 (13:00 +0100)
committer	Quanah Gibson-Mount <quanah@openldap.org>
	Tue, 28 Apr 2026 17:33:10 +0000 (17:33 +0000)
servers/slapd/aclparse.c		patch \| blob \| blame \| history
servers/slapd/proto-slap.h		patch \| blob \| blame \| history