LDAP: Fix saving empty groups

https://fedorahosted.org/sssd/ticket/1647

A logic bug in the LDAP provider causes an attempt to allocate a zero-length
array for group members while processing an empty group. The allocation
would return NULL and saving the empty group would fail.

1 files changed, 4 insertions, 2 deletions

diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index 5fea0b474..32dd5020a 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -379,9 +379,11 @@ static int sdap_save_group(TALLOC_CTX *memctx,
     el->values = gh->values;
     el->num_values = gh->num_values;
 
+    cnt = el->num_values + el1->num_values;
+    DEBUG(SSSDBG_TRACE_FUNC, ("Group %s has %d members\n", name, cnt));
+
     /* Now process RFC2307bis ghost hash table */
-    if (ghosts != NULL) {
-        cnt = el->num_values + el1->num_values;
+    if (ghosts && cnt > 0) {
         el->values = talloc_realloc(attrs, el->values, struct ldb_val,
                                     cnt);
         if (el->values == NULL) {