Full_Name: Marc Schmitzer Version: 2.4.28 OS: Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (217.6.229.211)

The ldap_dn2bv_x function misbehaves for the LDAPV2 and LDAPV3 formats when it is passed an "empty" DN in the form of an LDAPRDN-array whose first element is NULL. The "len" variable remains zero throughout the function, as no RDNS are processed. Finally, the bv_len member of the output struct berval is set to len-1. The result is a berval with bv_len = UINT_MAX.

Tested with 2.4.28, but the problem appears to present in the current git master as well.

The following code snippet demonstrates the problem:

#include <stdio.h> #include <ldap.h>

int main(int argc, char** argv) { LDAPRDN dn[1] = { NULL }; struct berval bv = { 0, NULL }; int res = ldap_dn2bv(dn, &bv, LDAP_DN_FORMAT_LDAPV3);

printf("res: %d\n", res); printf("len: %u\n", (unsigned int) bv.bv_len);

return 0; }

Output: res: 0 len: 4294967295