CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in ltdb_index_dn_attr()

Signed-off-by: Andrej Gessel <Andrej.Gessel@janztec.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13374

diff --git a/lib/ldb/ldb_key_value/ldb_kv_index.c b/lib/ldb/ldb_key_value/ldb_kv_index.c
index 550f4b620ad4fc4499f495512041853269ab5ffc..fda55dd548f1da39da39c9d0d29f6f2187920a28 100644 (file)
--- a/lib/ldb/ldb_key_value/ldb_kv_index.c
+++ b/lib/ldb/ldb_key_value/ldb_kv_index.c
@@ -1613,6 +1613,15 @@ static int ldb_kv_index_dn_attr(struct ldb_module *module,
 
        /* work out the index key from the parent DN */
        val.data = (uint8_t *)((uintptr_t)ldb_dn_get_casefold(dn));
+       if (val.data == NULL) {
+               const char *dn_str = ldb_dn_get_linearized(dn);
+               ldb_asprintf_errstring(ldb_module_get_ctx(module),
+                                      __location__
+                                      ": Failed to get casefold DN "
+                                      "from: %s",
+                                      dn_str);
+               return LDB_ERR_OPERATIONS_ERROR;
+       }
        val.length = strlen((char *)val.data);
        key = ldb_kv_index_key(ldb, ldb_kv, attr, &val, NULL, truncation);
        if (!key) {