When removing the last value from an attribute in ldap_del_values()

the actuall attribute needs to removed instead of leaving back an empty attribute. Empty attributes are not valid and fail later on in ldap_modify(). By calling ldap_del_attribute() in this case properly removes the attribute and with that validate_entry() no longer fails later on. OK jmatthew@
2024-12-22 07:27:59 -08:00 · 2021-12-20 13:26:11 +00:00 · 2021-12-20 13:26:11 +00:00 · 5387241f85
commit 5387241f85
parent 684a6a8c3a
2 changed files with 8 additions and 4 deletions
--- a/usr.sbin/ldapd/attributes.c
+++ b/usr.sbin/ldapd/attributes.c
@ -1,4 +1,4 @@
-/*	$OpenBSD: attributes.c,v 1.6 2019/10/24 12:39:26 tb Exp $ */
+/*	$OpenBSD: attributes.c,v 1.7 2021/12/20 13:26:11 claudio Exp $ */

 /*
 * Copyright (c) 2009 Martin Hedenfalk <martin@bzero.se>
@ -181,7 +181,7 @@ ldap_del_attribute(struct ber_element *entry, const char *attrdesc)

 	attr = entry->be_sub;
 	while (attr) {
-		if (ober_scanf_elements(attr, "{s(", &s) != 0) {
+		if (ober_scanf_elements(attr, "{s", &s) != 0) {
 			log_warnx("failed to parse attribute");
 			return -1;
 		}
@ -241,6 +241,9 @@ ldap_del_values(struct ber_element *elm, struct ber_element *vals)
 		}
 	}

+	if (old_vals->be_sub == NULL)
+		return 1;
+
 	return 0;
 }

--- a/usr.sbin/ldapd/modify.c
+++ b/usr.sbin/ldapd/modify.c
@ -1,4 +1,4 @@
-/*	$OpenBSD: modify.c,v 1.23 2019/10/24 12:39:26 tb Exp $ */
+/*	$OpenBSD: modify.c,v 1.24 2021/12/20 13:26:11 claudio Exp $ */

 /*
 * Copyright (c) 2009, 2010 Martin Hedenfalk <martin@bzero.se>
@ -334,7 +334,8 @@ ldap_modify(struct request *req)
 			 */
 			if (vals->be_sub &&
 			    vals->be_sub->be_type == BER_TYPE_OCTETSTRING) {
-				ldap_del_values(a, vals);
+				if (ldap_del_values(a, vals) == 1)
+					ldap_del_attribute(entry, attr);
 			} else {
 				ldap_del_attribute(entry, attr);
 			}