LDAP: Check the LDAP handle before using it

As the connection code is async-driven, the LDAP handle might be
invalidated before SSSD attempts to use it. Similar to commit
5fe6ca5e339fd345119752e996c14edf8db57660, this patch adds a NULL check
for the LDAP handle and aborts the request instead of crashing.

Resolves:
https://fedorahosted.org/sssd/ticket/2305

1 files changed, 13 insertions, 0 deletions

diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
index abc5b1755..a1f78c025 100644
--- a/src/providers/ldap/sdap_async_connection.c
+++ b/src/providers/ldap/sdap_async_connection.c
@@ -926,6 +926,13 @@ static struct tevent_req *sasl_bind_send(TALLOC_CTX *memctx,
     /* FIXME: Warning, this is a sync call!
      * No async variant exist in openldap libraries yet */
 
+    if (state->sh == NULL || state->sh->ldap == NULL) {
+        DEBUG(SSSDBG_CRIT_FAILURE,
+              "Trying LDAP search while not connected.\n");
+        ret = ERR_NETWORK_IO;
+        goto fail;
+    }
+
     ret = ldap_sasl_interactive_bind_s(state->sh->ldap, NULL,
                                        sasl_mech, NULL, NULL,
                                        LDAP_SASL_QUIET,
@@ -2047,6 +2054,12 @@ static int sdap_rebind_proc(LDAP *ldap, LDAP_CONST char *url, ber_tag_t request,
     struct sasl_bind_state *sasl_bind_state;
     int ret;
 
+    if (ldap == NULL) {
+        DEBUG(SSSDBG_CRIT_FAILURE,
+              "Trying LDAP rebind while not connected.\n");
+        return ERR_NETWORK_IO;
+    }
+
     if (p->use_start_tls) {
         ret = synchronous_tls_setup(ldap);
         if (ret != LDAP_SUCCESS) {