s4:dsdb - always fail if a search filter could not be parsed

A NULL string/expression returns the generic "(objectClass=*)" filter

diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c
index 5f6e56f9d47608f5a6505bb2816a03535b164a8d..c3f12bae3a16dd2d07ee1d19588fcb10121e4331 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/proxy.c
+++ b/source4/dsdb/samdb/ldb_modules/proxy.c
@@ -339,6 +339,9 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re
 #endif
 
        newtree = proxy_convert_tree(ac, proxy, req->op.search.tree);
+       if (newtree == NULL) {
+               goto failed;
+       }
 
        /* convert the basedn of this search */
        base = ldb_dn_copy(ac, req->op.search.base);

diff --git a/source4/libcli/ldap/ldap_ildap.c b/source4/libcli/ldap/ldap_ildap.c
index 10fe8e491658705d0653269849304c05d269f84f..8b6f8e8ddd41bfb7000b06417228f6399355b805 100644 (file)
--- a/source4/libcli/ldap/ldap_ildap.c
+++ b/source4/libcli/ldap/ldap_ildap.c
@@ -119,8 +119,12 @@ _PUBLIC_ NTSTATUS ildap_search(struct ldap_connection *conn, const char *basedn,
                      struct ldb_control ***control_res,
                      struct ldap_message ***results)
 {
-       struct ldb_parse_tree *tree = ldb_parse_tree(conn, expression);
        NTSTATUS status;
+       struct ldb_parse_tree *tree = ldb_parse_tree(conn, expression);
+
+       if (tree == NULL) {
+               return NT_STATUS_INVALID_PARAMETER;
+       }
        status = ildap_search_bytree(conn, basedn, scope, tree, attrs,
                                     attributesonly, control_req,
                                     control_res, results);