Print this page
12236 getmembers_DN doesn't properly handle errors from __ns_ldap_dn2uid
12240 nss_ldap does not properly look up group members by distinguished name
*** 21,30 ****
--- 21,31 ----
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*
* Copyright 2017 Nexenta Systems, Inc. All rights reserved.
+ * Copyright 2020 Joyent, Inc.
*/
#include <grp.h>
#include "ldap_common.h"
#include <string.h>
*** 237,247 ****
ns_ldap_error_t *error = NULL;
char *member_dn, *member_uid;
char *buffer;
int buflen;
int i, len;
! int nss_result = 0;
int firsttime;
buffer = *bufpp;
buflen = *lenp;
firsttime = (buffer[-1] == ':');
--- 238,248 ----
ns_ldap_error_t *error = NULL;
char *member_dn, *member_uid;
char *buffer;
int buflen;
int i, len;
! int nss_result = 0; /* used by TEST_AND_ADJUST macro */
int firsttime;
buffer = *bufpp;
buflen = *lenp;
firsttime = (buffer[-1] == ':');
*** 261,273 ****
member_dn);
#endif
if (member_dn[0] == '\0')
continue;
! nss_result = __ns_ldap_dn2uid(member_dn,
! &member_uid, NULL, &error);
! if (nss_result != NS_LDAP_SUCCESS) {
(void) __ns_ldap_freeError(&error);
error = NULL;
continue;
}
#ifdef DEBUG
--- 262,273 ----
member_dn);
#endif
if (member_dn[0] == '\0')
continue;
! if (__ns_ldap_dn2uid(member_dn,
! &member_uid, NULL, &error) != NS_LDAP_SUCCESS) {
(void) __ns_ldap_freeError(&error);
error = NULL;
continue;
}
#ifdef DEBUG