12236 getmembers_DN doesn't properly handle errors from __ns_ldap_dn2uid
12240 nss_ldap does not properly look up group members by distinguished name

@@ -21,10 +21,11 @@
 /*
  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  *
  * Copyright 2017 Nexenta Systems, Inc.  All rights reserved.
+ * Copyright 2020 Joyent, Inc.
  */
 
 #include <grp.h>
 #include "ldap_common.h"
 #include <string.h>

@@ -237,11 +238,11 @@
         ns_ldap_error_t *error = NULL;
         char    *member_dn, *member_uid;
         char    *buffer;
         int     buflen;
         int     i, len;
-        int     nss_result = 0;
+        int     nss_result = 0; /* used by TEST_AND_ADJUST macro */
         int     firsttime;
 
         buffer = *bufpp;
         buflen = *lenp;
         firsttime = (buffer[-1] == ':');

@@ -261,13 +262,12 @@
                     member_dn);
 #endif
                 if (member_dn[0] == '\0')
                         continue;
 
-                nss_result = __ns_ldap_dn2uid(member_dn,
-                    &member_uid, NULL, &error);
-                if (nss_result != NS_LDAP_SUCCESS) {
+                if (__ns_ldap_dn2uid(member_dn,
+                    &member_uid, NULL, &error) != NS_LDAP_SUCCESS) {
                         (void) __ns_ldap_freeError(&error);
                         error = NULL;
                         continue;
                 }
 #ifdef DEBUG
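Review bot: The new `if` around `__ns_ldap_dn2uid` treats every non-success return the same way: the error is freed and the member is skipped. A DN that has no uid and a transient directory or memory failure therefore both shorten the member list silently. Group membership commonly feeds access decisions, so a partial list returned as if complete deserves at least a stated rationale, for example `/* best effort: a member whose DN cannot be mapped to a uid is omitted */` above the `continue`. If the distinction matters to callers, only `NS_LDAP_NOTFOUND` should be skipped and other codes should be propagated. The loop and the function's return path lie outside this hunk, so how a partial result is reported cannot be confirmed from here.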