ldb: fixed a search expression parse bug

when a secondary component of a & or | expression was invalid, it was
ignored rather than giving an error. For example:

 (|(objectclass=user)(samaccountname=foo\blah))

was treated as being:

 (objectclass=user)

whereas it should be an error, as foo\blah is invalid

Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

diff --git a/lib/ldb/common/ldb_parse.c b/lib/ldb/common/ldb_parse.c
index b4eabf8375c085263b16f4129ca9f0bd7ae6bda7..8c6c2d993e92a3746916b7da09a95acdc666047e 100644 (file)
--- a/lib/ldb/common/ldb_parse.c
+++ b/lib/ldb/common/ldb_parse.c
@@ -534,8 +534,18 @@ static struct ldb_parse_tree *ldb_parse_filterlist(TALLOC_CTX *mem_ctx, const ch
 
        while (isspace((unsigned char)*p)) p++;
 
-       while (*p && (next = ldb_parse_filter(ret->u.list.elements, &p))) {
+       while (*p) {
+               if (*p == ')') {
+                       break;
+               }
+
+               next = ldb_parse_filter(ret->u.list.elements, &p);
                struct ldb_parse_tree **e;
+               if (next == NULL) {
+                       /* an invalid filter element */
+                       talloc_free(ret);
+                       return NULL;
+               }
                e = talloc_realloc(ret, ret->u.list.elements, 
                                     struct ldb_parse_tree *, 
                                     ret->u.list.num_elements + 1);