From 75231b080d0b2a0ff0237ae529ab4321292f7da3 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@fedoraproject.org>
Date: May 14 2010 22:07:03 +0000
Subject: - don't return an uninitialized buffer as the value for an optional

    attribute that isn't present in the directory server entry (#592411)

---

diff --git a/nss-pam-ldapd-default.patch b/nss-pam-ldapd-default.patch
new file mode 100644
index 0000000..6fa691d
--- /dev/null
+++ b/nss-pam-ldapd-default.patch
@@ -0,0 +1,16 @@
+Store an empty string in the passed-in buffer, even if we don't manage to get
+the desired value from the entry.
+
+Index: nslcd/attmap.c
+===================================================================
+--- nslcd/attmap.c	(revision 1110)
++++ nslcd/attmap.c	(working copy)
+@@ -254,6 +254,8 @@
+ MUST_USE const char *attmap_get_value(MYLDAP_ENTRY *entry,const char *attr,char *buffer,size_t buflen)
+ {
+   const char **values;
++  if (buflen > 0)
++    buffer[0]='\0';
+   /* for simple values just return the attribute */
+   if (attr[0]!='"')
+   {
diff --git a/nss-pam-ldapd.spec b/nss-pam-ldapd.spec
index 9a1be9d..14c6026 100644
--- a/nss-pam-ldapd.spec
+++ b/nss-pam-ldapd.spec
@@ -1,6 +1,6 @@
 Name:		nss-pam-ldapd
 Version:	0.7.5
-Release:	1%{?dist}
+Release:	2%{?dist}
 Summary:	An nsswitch module which uses directory servers
 Group:		System Environment/Base
 License:	LGPLv2+
@@ -8,6 +8,7 @@ URL:		http://arthurdejong.org/nss-pam-ldapd/
 Source0:	http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-%{version}.tar.gz
 Source1:	http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-%{version}.tar.gz.sig
 Source2:	nslcd.init
+Patch0:		nss-pam-ldapd-default.patch
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:	openldap-devel, krb5-devel
 Obsoletes:	nss-ldapd < 0.7
@@ -30,6 +31,7 @@ nsswitch module.
 
 %prep
 %setup -q
+%patch0 -p0 -b .default
 
 %build
 %configure --libdir=/%{_lib} --disable-pam
@@ -155,6 +157,10 @@ fi
 exit 0
 
 %changelog
+* Fri May 14 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.5-2
+- don't return an uninitialized buffer as the value for an optional attribute
+  that isn't present in the directory server entry (#592411)
+
 * Fri May 14 2010 Nalin Dahyabhai <nalin@redhat.com> 0.7.5-1
 - update to 0.7.5