From 7d8c18a475c5b51edefae8f2b047e18bb8ec6200 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Ond=C5=99ej=20Kuzn=C3=ADk?=
Date: Fri, 24 Apr 2026 13:00:36 +0100
Subject: [PATCH] ITS#9640 ACL: fix buffer overflow
---
 servers/slapd/aclparse.c | 22 +++++++++++++---------
 servers/slapd/proto-slap.h | 2 +-
 2 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c
index 4f8d1c8155..bf93e7dd3e 100644
--- a/servers/slapd/aclparse.c
+++ b/servers/slapd/aclparse.c
@@ -1997,17 +1997,21 @@ accessmask2str( slap_mask_t mask, char *buf, int debug )
 none = 0;
 *ptr++ = 'w';
- } else if ( ACL_PRIV_ISSET(mask, ACL_PRIV_WADD) ) {
- none = 0;
- *ptr++ = 'a';
+ } else {
+ if ( ACL_PRIV_ISSET(mask, ACL_PRIV_WADD) ) {
+ none = 0;
+ *ptr++ = 'a';
- } else if ( ACL_PRIV_ISSET(mask, ACL_PRIV_WDEL) ) {
- none = 0;
- *ptr++ = 'z';
+ }
+ if ( ACL_PRIV_ISSET(mask, ACL_PRIV_WDEL) ) {
+ none = 0;
+ *ptr++ = 'z';
- } else if ( ACL_PRIV_ISSET(mask, ACL_PRIV_WINCR) ) {
- none = 0;
- *ptr++ = 'i';
+ }
+ if ( ACL_PRIV_ISSET(mask, ACL_PRIV_WINCR) ) {
+ none = 0;
+ *ptr++ = 'i';
+ }
 }
 if ( ACL_PRIV_ISSET(mask, ACL_PRIV_READ) ) {
diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h
index 52d9c87b04..41a36904dc 100644
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@@ -105,7 +105,7 @@ LDAP_SLAPD_F (int) parse_acl LDAP_P(( struct config_args_s *ca, int pos ));
 LDAP_SLAPD_F (char *) access2str LDAP_P(( slap_access_t access ));
 LDAP_SLAPD_F (slap_access_t) str2access LDAP_P(( const char *str ));
-#define ACCESSMASK_MAXLEN sizeof("unknown (+wrscan)")
+#define ACCESSMASK_MAXLEN sizeof("unknown (+mazirscxd)")
 LDAP_SLAPD_F (char *) accessmask2str LDAP_P(( slap_mask_t mask, char*, int debug ));
 LDAP_SLAPD_F (slap_mask_t) str2accessmask LDAP_P(( const char *str ));
 LDAP_SLAPD_F (void) acl_unparse LDAP_P(( AccessControl*, struct berval* ));
-- 
2.47.3
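Review bot: The privilege letters are still stored through `*ptr++` with no check against the size of `buf`, and in the new `else` branch `a`, `z` and `i` can now all be appended where the old chain wrote at most one. The signature carries no length, so the function stays within bounds only while `ACCESSMASK_MAXLEN` in proto-slap.h is kept in step with this chain. A cheap guard would be an assertion where the string is terminated, e.g. `assert( (size_t)(ptr - buf) < ACCESSMASK_MAXLEN );`, plus a comment above the chain such as `/* every letter written here must be accounted for in ACCESSMASK_MAXLEN */`. The function begins before and ends after this hunk, so the terminating code is not visible here, and an assertion only helps in builds that keep assertions enabled.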
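Review bot: The new literal `"unknown (+mazirscxd)"` is a hand-maintained worst case with nothing beside it saying how it was derived, so the next privilege letter added to accessmask2str() can silently bring the overflow back. A comment above the define would make the coupling explicit: `/* longest string accessmask2str() can write, including the NUL; extend when a privilege letter or a longer level name is added */`. It is also worth confirming, outside this diff, that every caller sizes its buffer with `ACCESSMASK_MAXLEN` rather than a literal. The same check should confirm that no level name longer than `unknown` can be emitted together with the full letter list.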