ldb:ldb_dn: use safe transitive comparison in ldb_dn_compare()

The comparison we make is unconventional, and makes no difference in
normal usage, where we just want to know whether two DNs are the same
or not. But with over 100 callers, it is possible that something
somewhere is attempting a sort.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/lib/ldb/common/ldb_dn.c b/lib/ldb/common/ldb_dn.c
index 601da57a1b1dc1a753e0afdafab6cec69eb3ed1f..3c331cc645c5fde05d5348036837b44484d642bb 100644 (file)
--- a/lib/ldb/common/ldb_dn.c
+++ b/lib/ldb/common/ldb_dn.c
@@ -1156,8 +1156,15 @@ int ldb_dn_compare(struct ldb_dn *dn0, struct ldb_dn *dn1)
 
        }
 
-       if (dn0->comp_num != dn1->comp_num) {
-               return (dn1->comp_num - dn0->comp_num);
+       /*
+        * Notice that for comp_num, Samba reverses the usual order of
+        * comparison. A DN with fewer components is greater than one
+        * with more.
+        */
+       if (dn0->comp_num > dn1->comp_num) {
+               return -1;
+       } else if (dn0->comp_num < dn1->comp_num) {
+               return 1;
        }
 
        if (dn0->comp_num == 0) {