From 737f21bd9d2032b80d46b6e4a7d896dc9e1cdb32 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 25 Sep 2009 08:06:37 -0700
Subject: s4:ldap_server Ensure we don't segfault when sent a NULL new RDN

The Microsoft testsuite tried to rename
cn=administrator,cn=users,... into "",cn=users... which didn't go so well.

Andrew Bartlett
---
 source4/ldap_server/ldap_backend.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

(limited to 'source4/ldap_server')

diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 27b9c879bb..7bbc6795d3 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -750,6 +750,12 @@ static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call)
 	DEBUG(10, ("ModifyDNRequest: olddn: [%s]\n", req->dn));
 	DEBUG(10, ("ModifyDNRequest: newrdn: [%s]\n", req->newrdn));
 
+	if (ldb_dn_get_comp_num(req->newrdn) != 1) {
+		result = LDAP_INVALID_DN_SYNTAX;
+		map_ldb_error(local_ctx, LDB_ERR_INVALID_DN_SYNTAX, &errstr);
+		goto reply;
+	}
+
 	/* we can't handle the rename if we should not remove the old dn */
 	if (!req->deleteolddn) {
 		result = LDAP_UNWILLING_TO_PERFORM;
@@ -779,10 +785,7 @@ static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call)
 		NT_STATUS_HAVE_NO_MEMORY(parentdn);
 	}
 
-	if ( ! ldb_dn_add_child_fmt(parentdn,
-				"%s=%s",
-				ldb_dn_get_rdn_name(newrdn),
-				(char *)ldb_dn_get_rdn_val(newrdn)->data)) {
+	if ( ! ldb_dn_add_child(parentdn, newrdn)) {
 		result = LDAP_OTHER;
 		goto reply;
 	}
-- 
cgit