ipadb_mspac_get_trusted_domains: NULL ptr deref

Fix potential NULL pointer deref in ipadb_mspac_get_trusted_domains().
In theory, dn could be empty and rdn NULL. The man page for ldap_str2dn()
does not guarantee that it returns a non-empty result.

See: https://pagure.io/freeipa/issue/7738
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
Christian Heimes 2018-11-01 11:41:41 +01:00
parent aa261ba5b1
commit 800e448aeb

View File

@ -2586,6 +2586,12 @@ krb5_error_code ipadb_mspac_get_trusted_domains(struct ipadb_context *ipactx)
}
/* We should have a single AVA in the domain RDN */
if (rdn == NULL) {
ldap_dnfree(dn);
ret = EINVAL;
goto done;
}
t[n].parent_name = strndup(rdn[0]->la_value.bv_val, rdn[0]->la_value.bv_len);
ldap_dnfree(dn);