Conversation
|
Warning Gemini is experiencing higher than usual traffic and was unable to create the review. Please try again in a few hours by commenting |
|
/gemini review |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request addresses bug #8533 by adding a check to filter out entries in sdap_nested_group_lookup_recv based on their type, ensuring that only entries matching the expected type are processed. This change prevents incorrect entries from being included in nested group lookups.
| if (*_type != SDAP_NESTED_GROUP_DN_UNKNOWN && state->member_type != *_type) | ||
| { | ||
| /* this entry needs to be filtered out */ | ||
| *_entry = NULL; | ||
| *_type = SDAP_NESTED_GROUP_DN_IGNORE; | ||
| } else { | ||
| *_entry = talloc_steal(mem_ctx, state->member); | ||
| *_type = state->member_type; | ||
| } |
There was a problem hiding this comment.
This conditional block introduces a check that filters entries based on *_type and state->member_type. If the types don't match (and *_type is not SDAP_NESTED_GROUP_DN_UNKNOWN), the entry is explicitly set to NULL and the type is set to SDAP_NESTED_GROUP_DN_IGNORE. This logic is intended to filter out entries that do not match the expected type during nested group lookups. However, setting *_entry to NULL might lead to unexpected behavior if the caller expects a valid pointer, even for ignored entries. It would be safer to avoid processing the entry altogether instead of setting it to NULL.
return EOK;
}
if (*_type != SDAP_NESTED_GROUP_DN_UNKNOWN && state->member_type != *_type)
{
/* this entry needs to be filtered out */
*_type = SDAP_NESTED_GROUP_DN_IGNORE;
return EOK; // Exit early, avoiding further processing
} else {
*_entry = talloc_steal(mem_ctx, state->member);
*_type = state->member_type;
}
2 participants
fixes bug #8533