In util_ldap.h there is a use of an enum in util_ldap.h (struct
util_ldap_connection_t) with the assumption that it is of length int.
Similar enum in aaa/mod_authnz_ldap.c.
As the size of an enum is indeterminate this call in util_ldap.c may/may
not get a valid value based on how the compiler handles it:
ldap_set_option(ldc->ldap, LDAP_OPT_DEREF, &(ldc->deref));
By changing the stuct to use an int type for deref instead of deref_options
we guarantee valid behavior.
Index: httpd-trunk/include/util_ldap.h
===================================================================
--- httpd-trunk/include/util_ldap.h (revision 494665)
+++ httpd-trunk/include/util_ldap.h (working copy)
@@ -92,7 +92,7 @@
const char *host; /* Name of the LDAP server (or
space separated list) */
int port; /* Port of the LDAP server */
- deref_options deref; /* how to handle alias dereferening
*/
+ int deref; /* how to handle alias dereferening
*/
const char *binddn; /* DN to bind to server (can be
NULL) */
const char *bindpw; /* Password to bind to server (can
be NULL) */
@@ -202,11 +202,11 @@
* use this connection while it is busy. Once you are finished with a
connection,
* apr_ldap_connection_close() must be called to release this
connection.
* @deffunc util_ldap_connection_t *util_ldap_connection_find(request_rec
*r, const char *host, int port,
- * const char
*binddn, const char *bindpw, deref_options deref,
+ * const char
*binddn, const char *bindpw, int deref,
* int
netscapessl, int starttls)
*/
APR_DECLARE_OPTIONAL_FN(util_ldap_connection_t
*,uldap_connection_find,(request_rec *r, const char *host, int port,
- const char *binddn, const
char *bindpw, deref_options deref,
+ const char *binddn, const
char *bindpw, int deref,
int secure));
/**
Index: httpd-trunk/modules/ldap/util_ldap.c
===================================================================
--- httpd-trunk/modules/ldap/util_ldap.c (revision 510991)
+++ httpd-trunk/modules/ldap/util_ldap.c (working copy)
@@ -443,7 +443,7 @@
uldap_connection_find(request_rec *r,
const char *host, int port,
const char *binddn, const char *bindpw,
- deref_options deref, int secure)
+ int deref, int secure)
{
struct util_ldap_connection_t *l, *p; /* To traverse the linked list */
int secureflag = secure;
Index: httpd-trunk/modules/aaa/mod_authnz_ldap.c
===================================================================
--- httpd-trunk/modules/aaa/mod_authnz_ldap.c (revision 494665)
+++ httpd-trunk/modules/aaa/mod_authnz_ldap.c (working copy)
@@ -57,7 +57,7 @@
char **attributes; /* Array of all the attributes to
return */
int scope; /* Scope of the search */
char *filter; /* Filter to further limit the search
*/
- deref_options deref; /* how to handle alias dereferening */
+ int deref; /* how to handle alias dereferening */
char *binddn; /* DN to bind to server (can be NULL)
*/
char *bindpw; /* Password to bind to server (can be
NULL) */
deref01.patch
Description: Binary data
