ldb:sort: check that elements have values

We assume no values is unlikely, since we have been dereferencing
->values[0] forever, with no known reports of trouble.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/lib/ldb/modules/sort.c b/lib/ldb/modules/sort.c
index 8487c7003b6a675a109d18cd6698f8f188c33bef..a4a77329ceec752f4c2906532527a03edffd7d19 100644 (file)
--- a/lib/ldb/modules/sort.c
+++ b/lib/ldb/modules/sort.c
@@ -122,7 +122,8 @@ static int sort_compare(struct ldb_message **msg1, struct ldb_message **msg2, vo
        el2 = ldb_msg_find_element(*msg2, ac->attributeName);
 
        /*
-        * NULL elements sort at the end (regardless of ac->reverse flag).
+        * NULL and empty elements sort at the end (regardless of ac->reverse flag).
+        * NULL elements come after empty ones.
         */
        if (el1 == NULL && el2 == NULL) {
                return 0;
@@ -133,6 +134,15 @@ static int sort_compare(struct ldb_message **msg1, struct ldb_message **msg2, vo
        if (el2 == NULL) {
                return -1;
        }
+       if (unlikely(el1->num_values == 0 && el2->num_values == 0)) {
+               return 0;
+       }
+       if (unlikely(el1->num_values == 0)) {
+               return 1;
+       }
+       if (unlikely(el2->num_values == 0)) {
+               return -1;
+       }
 
        if (ac->reverse)
                return ac->a->syntax->comparison_fn(ldb, ac, &el2->values[0], &el1->values[0]);