dsdb/modules/acl: avoid deref of missing data (CID 1107200)

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index 5d36f85b173cbc0e96cc9433408f02ffbbbbde1b..b1bbf93600601c9dc041544422b382d3bc7aa116 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -2170,9 +2170,11 @@ static int acl_search(struct ldb_module *module, struct ldb_request *req)
        }
 
        data = talloc_get_type(ldb_module_get_private(ac->module), struct acl_private);
-       if (data != NULL) {
-               ac->userPassword = data->userPassword_support;
+       if (data == NULL) {
+               return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR,
+                                "acl_private data is missing");
        }
+       ac->userPassword = data->userPassword_support;
 
        ret = acl_search_update_confidential_attrs(ac, data);
        if (ret != LDB_SUCCESS) {