From f5b53c57246bbbbea75ce4d65a3d34b18984d18b Mon Sep 17 00:00:00 2001 From: =?utf8?q?Matthias=20Dieter=20Walln=C3=B6fer?= Date: Fri, 4 May 2012 11:42:14 +0200 Subject: [PATCH] s4:dsdb - always fail if a search filter could not be parsed A NULL string/expression returns the generic "(objectClass=*)" filter --- source4/dsdb/samdb/ldb_modules/proxy.c | 3 +++ source4/libcli/ldap/ldap_ildap.c | 6 +++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c index 5f6e56f9d4..c3f12bae3a 100644 --- a/source4/dsdb/samdb/ldb_modules/proxy.c +++ b/source4/dsdb/samdb/ldb_modules/proxy.c @@ -339,6 +339,9 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re #endif newtree = proxy_convert_tree(ac, proxy, req->op.search.tree); + if (newtree == NULL) { + goto failed; + } /* convert the basedn of this search */ base = ldb_dn_copy(ac, req->op.search.base); diff --git a/source4/libcli/ldap/ldap_ildap.c b/source4/libcli/ldap/ldap_ildap.c index 10fe8e4916..8b6f8e8ddd 100644 --- a/source4/libcli/ldap/ldap_ildap.c +++ b/source4/libcli/ldap/ldap_ildap.c @@ -119,8 +119,12 @@ _PUBLIC_ NTSTATUS ildap_search(struct ldap_connection *conn, const char *basedn, struct ldb_control ***control_res, struct ldap_message ***results) { - struct ldb_parse_tree *tree = ldb_parse_tree(conn, expression); NTSTATUS status; + struct ldb_parse_tree *tree = ldb_parse_tree(conn, expression); + + if (tree == NULL) { + return NT_STATUS_INVALID_PARAMETER; + } status = ildap_search_bytree(conn, basedn, scope, tree, attrs, attributesonly, control_req, control_res, results); -- 2.34.1