The function send_ldap_extended_response() takes as its second-to-last
argument a long long result_code, but the infrastructure for handling
LDAP extended operations in ldap_extended() restricts them to an int.
I don't think there's any risk or bug here; this is just a matter of
type correctness.
Index: ldape.c
===================================================================
RCS file: /cvs/src/usr.sbin/ldapd/ldape.c,v
retrieving revision 1.18
diff -u -r1.18 ldape.c
--- ldape.c 2 Nov 2013 13:31:51 -0000 1.18
+++ ldape.c 12 Dec 2014 22:27:49 -0000
@@ -39,7 +39,7 @@
struct imsg *imsg);
static void ldape_needfd(struct imsgev *iev);
-int ldap_starttls(struct request *req);
+long long ldap_starttls(struct request *req);
void send_ldap_extended_response(struct conn *conn,
int msgid, unsigned long type,
long long result_code,
@@ -279,7 +279,7 @@
return ldap_respond(req, LDAP_COMPARE_FALSE);
}
-int
+long long
ldap_starttls(struct request *req)
{
if ((req->conn->listener->flags & F_STARTTLS) == 0) {
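Review bot: ldap_starttls() has no comment saying what its return value means, and with this change its `long long` return type differs from the `int` handler visible just above it (`return ldap_respond(req, LDAP_COMPARE_FALSE);`). A one-line comment above the definition, such as `/* Returns the LDAP result code to send in the extended response. */`, would record that the type follows the `result_code` parameter of send_ldap_extended_response(). The function body continues outside the hunk, so the actual return statements are not visible here.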
@@ -294,12 +294,13 @@
int
ldap_extended(struct request *req)
{
- int i, rc = LDAP_PROTOCOL_ERROR;
+ int i;
+ long long rc = LDAP_PROTOCOL_ERROR;
char *oid = NULL;
struct ber_element *ext_val = NULL;
struct {
const char *oid;
- int (*fn)(struct request *);
+ long long (*fn)(struct request *);
} extended_ops[] = {
{ "1.3.6.1.4.1.1466.20037", ldap_starttls },
{ NULL }
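Review bot: `rc` becomes `long long` here while ldap_extended() itself is still declared `int`, so any path outside this hunk that returns `rc` or passes it to an `int` parameter would narrow it silently. The rest of the body is not visible, so that is worth confirming with a `-Wconversion` build. The `fn` member would also benefit from a comment such as `/* returns the LDAP result code forwarded to send_ldap_extended_response() */`, so the next handler added to `extended_ops[]` uses the same return convention. If result codes are meant to stay within `int` range, a named typedef for the result-code type, used in both the table and the prototype, would keep the two from drifting apart again.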