CLDAP: make sure an empty reply is returned on any error

If ipa_cldap_decode() reply is not initialized. Fixes https://fedorahosted.org/freeipa/ticket/3885
2025-02-25 18:55:28 -06:00 · 2013-08-28 10:10:52 +02:00
parent 3940a574f9
commit 5c357b462d
1 changed files with 2 additions and 1 deletions
--- a/daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap_worker.c
+++ b/daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap_worker.c
@@ -276,13 +276,14 @@ static void ipa_cldap_process(struct ipa_cldap_ctx *ctx,
    LOG_TRACE("CLDAP Request received");

    ret = ipa_cldap_netlogon(ctx, req, &reply);
+
+done:
    if (ret != 0) {
        /* bad request, or internal error, return empty reply */
        /* as Windows does per MS-ADTS 6.3.3.3 */
        memset(&reply, 0, sizeof(struct berval));
    }

-done:
    ipa_cldap_respond(ctx, req, &reply);

    ipa_cldap_free_kvps(&req->kvps);