CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in ltdb_index_dn_attr()
authorAndrej Gessel <Andrej.Gessel@janztec.com>
Fri, 6 Apr 2018 16:18:33 +0000 (18:18 +0200)
committerKarolin Seeger <kseeger@samba.org>
Sat, 11 Aug 2018 06:16:03 +0000 (08:16 +0200)
Signed-off-by: Andrej Gessel <Andrej.Gessel@janztec.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13374

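--- a/lib/ldb/ldb_tdb/ldb_index.c
+++ b/lib/ldb/ldb_tdb/ldb_index.c
@@ -1405,6 +1405,15 @@ static int ltdb_index_dn_attr(struct ldb_module *module,
 
        /* work out the index key from the parent DN */
        val.data = (uint8_t *)((uintptr_t)ldb_dn_get_casefold(dn));
+       if (val.data == NULL) {
+               const char *dn_str = ldb_dn_get_linearized(dn);
+               ldb_asprintf_errstring(ldb_module_get_ctx(module),
+                                      __location__
+                                      ": Failed to get casefold DN "
+                                      "from: %s",
+                                      dn_str);
+               return LDB_ERR_OPERATIONS_ERROR;
+       }
        val.length = strlen((char *)val.data);
        key = ltdb_index_key(ldb, ltdb, attr, &val, NULL);
        if (!key) {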
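Review bot: In the new error branch, `dn_str` goes straight into the `%s` conversion of `ldb_asprintf_errstring()` without a NULL check. `ldb_dn_get_linearized()` can itself return NULL, and a DN that just failed casefolding (or an allocation failure) looks like a plausible case for that, though the hunk does not show it. Passing NULL to `%s` is undefined behaviour in C, so the path added to stop the `strlen(NULL)` crash should not rely on the libc printing "(null)". I would change the argument to `dn_str != NULL ? dn_str : "(unprintable DN)"`. A short comment above the check, such as `/* casefold fails on an invalid DN; strlen() below would dereference NULL */`, would also record why the guard exists. The body of ltdb_index_dn_attr() starts and ends outside this hunk, so whether `dn` can be NULL on entry cannot be checked from here.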