Unverified Commit 9889db04 authored by Daniel Stenberg's avatar Daniel Stenberg

openldap: check ldap_get_attribute_ber() results for NULL before using

CVE-2018-1000121
Reported-by: Dario Weisser
Bug: https://curl.haxx.se/docs/adv_2018-97a2.html
parent 535432c0
+4 −4
@@ -473,7 +473,7 @@ static ssize_t ldap_recv(struct connectdata *conn, int sockindex, char *buf,

  for(ent = ldap_first_message(li->ld, msg); ent;
    ent = ldap_next_message(li->ld, ent)) {
    struct berval bv, *bvals, **bvp = &bvals;
    struct berval bv, *bvals;
    int binary = 0, msgtype;
    CURLcode writeerr;

@@ -535,9 +535,9 @@ static ssize_t ldap_recv(struct connectdata *conn, int sockindex, char *buf,
    }
    data->req.bytecount += bv.bv_len + 5;

    for(rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, bvp);
      rc == LDAP_SUCCESS;
      rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, bvp)) {
    for(rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, &bvals);
        (rc == LDAP_SUCCESS) && bvals;
        rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, &bvals)) {
      int i;

      if(bv.bv_val == NULL) break;
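Review bot: `bvals` is declared without an initializer (`struct berval bv, *bvals;`), and the new loop condition `(rc == LDAP_SUCCESS) && bvals` reads it before the body's `bv.bv_val == NULL` check runs. If ldap_get_attribute_ber() can return LDAP_SUCCESS without storing through its last argument (for instance when no attribute is left in the entry, which is not visible here), the condition tests an indeterminate pointer. Declaring it as `struct berval bv, *bvals = NULL;` and resetting it to NULL wherever the body releases it would make the NULL test mean what the commit intends. The loop body continues outside the hunk, so how `bvals` is released cannot be confirmed from this page.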