From ddfac1469be567e2ae587b3f43420f71428f766a Mon Sep 17 00:00:00 2001
From: Ludovic Poitou <ludovic.poitou@forgerock.com>
Date: Sun, 18 May 2014 19:09:59 +0000
Subject: [PATCH] Fix for OPENDJ-1146. ACIs in the ACI cache could be leaked with subtree delete

---
 opends/src/server/org/opends/server/authorization/dseecompat/AciList.java |    8 ++------
 1 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/opends/src/server/org/opends/server/authorization/dseecompat/AciList.java b/opends/src/server/org/opends/server/authorization/dseecompat/AciList.java
index 83a0876..77f6cb3 100644
--- a/opends/src/server/org/opends/server/authorization/dseecompat/AciList.java
+++ b/opends/src/server/org/opends/server/authorization/dseecompat/AciList.java
@@ -22,7 +22,7 @@
  *
  *
  *      Copyright 2008-2010 Sun Microsystems, Inc.
- *      Portions Copyright 2013 ForgeRock AS
+ *      Portions Copyright 2013-2014 ForgeRock AS
  */
 package org.opends.server.authorization.dseecompat;
 
@@ -364,11 +364,7 @@
       {
         return false;
       }
-      if (hasAci && aciList.remove(entryDN) == null)
-      {
-        return false;
-      }
-      if (!hasGlobalAci && !hasAci)
+      if (hasAci || !hasGlobalAci)
       {
         return aciList.removeSubtree(entryDN, null);
       }

--
Gitblit v1.10.0