CVE-2018-1140 ldb: Check for ldb_dn_get_casefold() failure in ldb_sqlite

author Andrew Bartlett <abartlet@samba.org>

Mon, 21 May 2018 02:50:50 +0000 (14:50 +1200)

committer Karolin Seeger <kseeger@samba.org>

Tue, 14 Aug 2018 11:57:15 +0000 (13:57 +0200)
author Andrew Bartlett <abartlet@samba.org>
Mon, 21 May 2018 02:50:50 +0000 (14:50 +1200)
committer Karolin Seeger <kseeger@samba.org>
Tue, 14 Aug 2018 11:57:15 +0000 (13:57 +0200)
diff --git a/lib/ldb/ldb_sqlite3/ldb_sqlite3.c b/lib/ldb/ldb_sqlite3/ldb_sqlite3.c

index f94dc993904ba4673647c9056d94caeebc2c7677..0f5abf875472d5202bdc0a243690bf03551848d0 100644 (file)
--- a/lib/ldb/ldb_sqlite3/ldb_sqlite3.c
+++ b/lib/ldb/ldb_sqlite3/ldb_sqlite3.c
@@ -323,6 +323,9 @@ static char *parsetree_to_sql(struct ldb_module *module,
                         const char *cdn = ldb_dn_get_casefold(
                                                 ldb_dn_new(mem_ctx, ldb,
                                                               (const char *)value.data));
+                       if (cdn == NULL) {
+                               return NULL;
+                       }
  
                         return lsqlite3_tprintf(mem_ctx,
                                                 "SELECT eid FROM ldb_entry "
author	Andrew Bartlett <abartlet@samba.org>
	Mon, 21 May 2018 02:50:50 +0000 (14:50 +1200)
committer	Karolin Seeger <kseeger@samba.org>
	Tue, 14 Aug 2018 11:57:15 +0000 (13:57 +0200)