Print this page
12236 getmembers_DN doesn't properly handle errors from __ns_ldap_dn2uid
12240 nss_ldap does not properly look up group members by distinguished name
@@ -21,10 +21,11 @@
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*
* Copyright 2017 Nexenta Systems, Inc. All rights reserved.
+ * Copyright 2020 Joyent, Inc.
*/
#include <grp.h>
#include "ldap_common.h"
#include <string.h>
@@ -237,11 +238,11 @@
ns_ldap_error_t *error = NULL;
char *member_dn, *member_uid;
char *buffer;
int buflen;
int i, len;
- int nss_result = 0;
+ int nss_result = 0; /* used by TEST_AND_ADJUST macro */
int firsttime;
buffer = *bufpp;
buflen = *lenp;
firsttime = (buffer[-1] == ':');
@@ -261,13 +262,12 @@
member_dn);
#endif
if (member_dn[0] == '\0')
continue;
- nss_result = __ns_ldap_dn2uid(member_dn,
- &member_uid, NULL, &error);
- if (nss_result != NS_LDAP_SUCCESS) {
+ if (__ns_ldap_dn2uid(member_dn,
+ &member_uid, NULL, &error) != NS_LDAP_SUCCESS) {
(void) __ns_ldap_freeError(&error);
error = NULL;
continue;
}
#ifdef DEBUG