>From 66c3906fc9e7b52bd21d1d23d15db5e052e66191 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Thu, 17 Apr 2014 11:16:30 +0200 Subject: [PATCH] LDAP: Check the LDAP handle before using it As the connection code is async-driven, the LDAP handle might be invalidated before SSSD attempts to use it. Similar to commit 5fe6ca5e339fd345119752e996c14edf8db57660, this patch adds a NULL check for the LDAP handle and aborts the request instead of crashing. Resolves: https://fedorahosted.org/sssd/ticket/2305 (cherry picked from commit 997d4bcd8e994932ac15c42524bb9f00055ee322) (cherry picked from commit 7ab7fd0b4e4efd80113aa289115153dabb8fac27) --- src/providers/ldap/sdap_async_connection.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c index 44536c73006074b5ed6f9bebee8cabeeb77e8746..f5b78d94a5eee8be4096543ed8772a79f489c0b5 100644 --- a/src/providers/ldap/sdap_async_connection.c +++ b/src/providers/ldap/sdap_async_connection.c @@ -745,6 +745,13 @@ static struct tevent_req *sasl_bind_send(TALLOC_CTX *memctx, /* FIXME: Warning, this is a sync call! * No async variant exist in openldap libraries yet */ + if (state->sh == NULL || state->sh->ldap == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("Trying LDAP search while not connected.\n")); + ret = EIO; + goto fail; + } + ret = ldap_sasl_interactive_bind_s(state->sh->ldap, NULL, sasl_mech, NULL, NULL, LDAP_SASL_QUIET, @@ -1869,6 +1876,12 @@ static int sdap_rebind_proc(LDAP *ldap, LDAP_CONST char *url, ber_tag_t request, struct sasl_bind_state *sasl_bind_state; int ret; + if (ldap == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("Trying LDAP rebind while not connected.\n")); + return EIO; + } + if (p->use_start_tls) { ret = synchronous_tls_setup(ldap); if (ret != LDAP_SUCCESS) { -- 2.0.4