Print this page
12236 getmembers_DN doesn't properly handle errors from __ns_ldap_dn2uid
12240 nss_ldap does not properly look up group members by distinguished name

*** 21,30 **** --- 21,31 ---- /* * Copyright 2008 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. * * Copyright 2017 Nexenta Systems, Inc. All rights reserved. + * Copyright 2020 Joyent, Inc. */ #include <grp.h> #include "ldap_common.h" #include <string.h>
*** 237,247 **** ns_ldap_error_t *error = NULL; char *member_dn, *member_uid; char *buffer; int buflen; int i, len; ! int nss_result = 0; int firsttime; buffer = *bufpp; buflen = *lenp; firsttime = (buffer[-1] == ':'); --- 238,248 ---- ns_ldap_error_t *error = NULL; char *member_dn, *member_uid; char *buffer; int buflen; int i, len; ! int nss_result = 0; /* used by TEST_AND_ADJUST macro */ int firsttime; buffer = *bufpp; buflen = *lenp; firsttime = (buffer[-1] == ':');
*** 261,273 **** member_dn); #endif if (member_dn[0] == '\0') continue; ! nss_result = __ns_ldap_dn2uid(member_dn, ! &member_uid, NULL, &error); ! if (nss_result != NS_LDAP_SUCCESS) { (void) __ns_ldap_freeError(&error); error = NULL; continue; } #ifdef DEBUG --- 262,273 ---- member_dn); #endif if (member_dn[0] == '\0') continue; ! if (__ns_ldap_dn2uid(member_dn, ! &member_uid, NULL, &error) != NS_LDAP_SUCCESS) { (void) __ns_ldap_freeError(&error); error = NULL; continue; } #ifdef DEBUG