From: Ondřej Kuzník <ondra@mistotebe.net>
Date: Fri, 24 Apr 2026 12:00:36 +0000 (+0100)
Subject: ITS#9640 ACL: fix buffer overflow
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=HEAD;p=thirdparty%2Fopenldap.git

ITS#9640 ACL: fix buffer overflow
---

diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c
index 4f8d1c8155..bf93e7dd3e 100644
--- a/servers/slapd/aclparse.c
+++ b/servers/slapd/aclparse.c
@@ -1997,17 +1997,21 @@ accessmask2str( slap_mask_t mask, char *buf, int debug )
 		none = 0;
 		*ptr++ = 'w';
 
-	} else if ( ACL_PRIV_ISSET(mask, ACL_PRIV_WADD) ) {
-		none = 0;
-		*ptr++ = 'a';
+	} else {
+		if ( ACL_PRIV_ISSET(mask, ACL_PRIV_WADD) ) {
+			none = 0;
+			*ptr++ = 'a';
 
-	} else if ( ACL_PRIV_ISSET(mask, ACL_PRIV_WDEL) ) {
-		none = 0;
-		*ptr++ = 'z';
+		}
+		if ( ACL_PRIV_ISSET(mask, ACL_PRIV_WDEL) ) {
+			none = 0;
+			*ptr++ = 'z';
 
-	} else if ( ACL_PRIV_ISSET(mask, ACL_PRIV_WINCR) ) {
-		none = 0;
-		*ptr++ = 'i';
+		}
+		if ( ACL_PRIV_ISSET(mask, ACL_PRIV_WINCR) ) {
+			none = 0;
+			*ptr++ = 'i';
+		}
 	}
 
 	if ( ACL_PRIV_ISSET(mask, ACL_PRIV_READ) ) {
diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h
index 52d9c87b04..41a36904dc 100644
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@@ -105,7 +105,7 @@ LDAP_SLAPD_F (int) parse_acl LDAP_P(( struct config_args_s *ca, int pos ));
 LDAP_SLAPD_F (char *) access2str LDAP_P(( slap_access_t access ));
 LDAP_SLAPD_F (slap_access_t) str2access LDAP_P(( const char *str ));
 
-#define ACCESSMASK_MAXLEN	sizeof("unknown (+wrscan)")
+#define ACCESSMASK_MAXLEN	sizeof("unknown (+mazirscxd)")
 LDAP_SLAPD_F (char *) accessmask2str LDAP_P(( slap_mask_t mask, char*, int debug ));
 LDAP_SLAPD_F (slap_mask_t) str2accessmask LDAP_P(( const char *str ));
 LDAP_SLAPD_F (void) acl_unparse LDAP_P(( AccessControl*, struct berval* ));