ldb_kv_search: avoid handling uninitialised dn

If ldb_kv_filter_attrs() fails, we don't know that the dn of filtered_msg
is OK.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Apr  5 05:46:55 UTC 2019 on sn-devel-144

diff --git a/lib/ldb/ldb_key_value/ldb_kv_search.c b/lib/ldb/ldb_key_value/ldb_kv_search.c
index a384ee923675091bbe229a12972a9c9d3b205cb6..f77e0ca2fdc805e418c8b3c16f910e557466b14e 100644 (file)
--- a/lib/ldb/ldb_key_value/ldb_kv_search.c
+++ b/lib/ldb/ldb_key_value/ldb_kv_search.c
@@ -678,6 +678,11 @@ static int ldb_kv_search_and_return_base(struct ldb_kv_private *ldb_kv,
         * assignment is safe
         */
        ret = ldb_kv_filter_attrs(ctx, msg, ctx->attrs, &filtered_msg);
+       if (ret == -1) {
+               talloc_free(msg);
+               filtered_msg = NULL;
+               return LDB_ERR_OPERATIONS_ERROR;
+       }
 
        /*
         * Remove any extended components possibly copied in from
@@ -686,10 +691,6 @@ static int ldb_kv_search_and_return_base(struct ldb_kv_private *ldb_kv,
        ldb_dn_remove_extended_components(filtered_msg->dn);
        talloc_free(msg);
 
-       if (ret == -1) {
-               return LDB_ERR_OPERATIONS_ERROR;
-       }
-
        ret = ldb_module_send_entry(ctx->req, filtered_msg, NULL);
        if (ret != LDB_SUCCESS) {
                /* Regardless of success or failure, the msg