[Pkg-openldap-devel] Bug#712148: slapd aborts when using autogroup module and a labeledURI without attribute specification

[Landry Breuil]

Package: slapd
Version: 2.4.31-1+nmu2
Tags: patch

When using autogroup contrib module on wheezy (same with sid) with slapd, if i
try to create an autogroup entry such as

dn: cn=SV_REVIEWER,ou=groups,dc=example,dc=org
objectClass: labeledURIObject
objectClass: posixGroup
gidNumber: 10
labeledURI: ldap:///ou=people,dc=example,dc=org??one?(&(objectClass=inetOrgPerson)(o=myorg))

slapd will abort in the call to modify_add_values() in
autogroup_member_search_cb() because the former receives garbage from the
memory.

I've reported this issue upstream as
http://www.openldap.org/its/index.cgi/Incoming?id=7580, and finally found out a
potential patch to fix the issue posted there, and also attached to that mail
(the patch is against upstream git master but applies fine with fuzz to 2.4.31
tarball).  It fixes the issue for me.

Please consider applying it (once it's been commited upstream of course) and
backporting to wheezy if possible.

Landry
-------------- next part --------------
diff --git a/contrib/slapd-modules/autogroup/autogroup.c b/contrib/slapd-modules/autogroup/autogroup.c
index 06e1407..091a42f 100644
--- a/contrib/slapd-modules/autogroup/autogroup.c
+++ b/contrib/slapd-modules/autogroup/autogroup.c
@@ -331,6 +331,7 @@ autogroup_member_search_cb( Operation *op, SlapReply *rs )
 		const char		*text = NULL;
 		char			textbuf[1024];
 		struct berval		*vals, *nvals;
+		struct berval		lvals[ 2 ], lnvals[ 2 ];
 		int			numvals;
 
 		Debug(LDAP_DEBUG_TRACE, "==> autogroup_member_search_cb <%s>\n",
@@ -347,7 +348,6 @@ autogroup_member_search_cb( Operation *op, SlapReply *rs )
 				return 0;
 			}
 		} else {
-			struct berval		lvals[ 2 ], lnvals[ 2 ];
 			lvals[ 0 ] = rs->sr_entry->e_name;
 			BER_BVZERO( &lvals[ 1 ] );
 			lnvals[ 0 ] = rs->sr_entry->e_nname;