This is an automated email from the git hooks/post-receive script.
firstyear pushed a commit to branch master
in repository 389-ds-base.
commit 1f256736a9e679f6bd1f416d5d7f6c79b117fd06
Author: Ilias Stamatis <stamatis.iliass@gmail.com>
Date: Mon Jul 31 20:14:49 2017 +0300
Issue 49309 - syntax checking on referint's delay attr
Bug Description: According to the documentation when
referint-update-delay is set to -1, it means that "No check for
referential integrity is performed". However, the server will not accept
such a value. Additionally, if we set a non-numerical value such as
a random string, the server will happily accept it.
The plugin initially sets delay's value to -1 in order to do config
validation. If a config value for delay exists it will update the
appropriate variable. In the end the plugin will check if the value of
delay was changed from -1 to something else. If not, it means that this
value is missing or there was some error.
However this is wrong because we want -1 to be valid as well.
Currently, -1 is the "default error value" for config validation of this
attribute.
Fix Description: Change the "default error value" from -1 to -2 which is
ineed an invalid value. Additionally by using strtol instead of atoi we
can also properly check if the value provided by the user is really a
number or not, and discard it in the second case.
https://pagure.io/389-ds-base/issue/49309
Author: Ilias95
Review by: mreynolds
---
ldap/servers/plugins/referint/referint.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/ldap/servers/plugins/referint/referint.c b/ldap/servers/plugins/referint/referint.c
index 20c4573..2d3d973 100644
--- a/ldap/servers/plugins/referint/referint.c
+++ b/ldap/servers/plugins/referint/referint.c
@@ -311,13 +311,21 @@ load_config(Slapi_PBlock *pb, Slapi_Entry *config_entry, int apply)
rc = SLAPI_PLUGIN_FAILURE;
goto done;
} else {
- /* set these to -1 for config validation */
- tmp_config->delay = -1;
+ /* set these for config validation */
+ tmp_config->delay = -2;
tmp_config->logchanges = -1;
}
if ((value = slapi_entry_attr_get_charptr(config_entry, REFERINT_ATTR_DELAY))) {
- tmp_config->delay = atoi(value);
+ char *endptr = NULL;
+ tmp_config->delay = strtol(value, &endptr, 10);
+ if (!(value && !*endptr) || tmp_config->delay < -1) {
+ slapi_log_err(SLAPI_LOG_ERR, REFERINT_PLUGIN_SUBSYSTEM, "load_config - invalid value \"%s\" for %s; should be >= -1\n",
+ value, REFERINT_ATTR_DELAY);
+ slapi_ch_free_string(&value);
+ rc = SLAPI_PLUGIN_FAILURE;
+ goto done;
+ }
slapi_ch_free_string(&value);
new_config_present = 1;
}
@@ -337,7 +345,7 @@ load_config(Slapi_PBlock *pb, Slapi_Entry *config_entry, int apply)
if (new_config_present) {
/* Verify we have everything we need */
- if (tmp_config->delay == -1) {
+ if (tmp_config->delay == -2) {
slapi_log_err(SLAPI_LOG_ERR, REFERINT_PLUGIN_SUBSYSTEM, "load_config - Plugin configuration is missing %s\n",
REFERINT_ATTR_DELAY);
rc = SLAPI_PLUGIN_FAILURE;
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
_______________________________________________
389-commits mailing list -- 389-commits@lists.fedoraproject.org
To unsubscribe send an email to 389-commits-leave@lists.fedoraproject.org
No comments:
Post a Comment