1 From 8f341a5d6f15381492ca2013325d485b6d8d1c13 Mon Sep 17 00:00:00 2001
2 From: Daniel Stenberg <daniel@haxx.se>
3 Date: Tue, 6 Mar 2018 23:02:16 +0100
4 Subject: [PATCH] openldap: check ldap_get_attribute_ber() results for NULL
8 Reported-by: Dario Weisser
9 Bug: https://curl.haxx.se/docs/adv_2018-97a2.html
11 lib/openldap.c | 8 ++++----
12 1 file changed, 4 insertions(+), 4 deletions(-)
16 @@ -443,7 +443,7 @@ static ssize_t ldap_recv(struct connectd
18 for(ent = ldap_first_message(li->ld, msg); ent;
19 ent = ldap_next_message(li->ld, ent)) {
20 - struct berval bv, *bvals, **bvp = &bvals;
21 + struct berval bv, *bvals;
22 int binary = 0, msgtype;
25 @@ -505,9 +505,9 @@ static ssize_t ldap_recv(struct connectd
27 data->req.bytecount += bv.bv_len + 5;
29 - for(rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, bvp);
31 - rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, bvp)) {
32 + for(rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, &bvals);
33 + (rc == LDAP_SUCCESS) && bvals;
34 + rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, &bvals)) {
37 if(bv.bv_val == NULL) break;