author | Jakub Hrozek <jhrozek@redhat.com> | 2014-04-17 11:16:30 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-05-12 13:21:01 +0200 |
commit | 997d4bcd8e994932ac15c42524bb9f00055ee322 (patch) | |
tree | 8fef3d49df14d7366ed9dd253a5fcd39aa02c02d /src/providers/ldap | |
parent | 785cfb3dfdd8f38426e71e6161581e85f4f8f941 (diff) | |
LDAP: Check the LDAP handle before using it
As the connection code is async-driven, the LDAP handle might be
invalidated before SSSD attempts to use it. Similar to commit
5fe6ca5e339fd345119752e996c14edf8db57660, this patch adds a NULL check
for the LDAP handle and aborts the request instead of crashing.
Resolves:
https://fedorahosted.org/sssd/ticket/2305
Diffstat (limited to 'src/providers/ldap')
-rw-r--r-- | src/providers/ldap/sdap_async_connection.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
index abc5b1755..a1f78c025 100644
--- a/src/providers/ldap/sdap_async_connection.c
+++ b/src/providers/ldap/sdap_async_connection.c
@@ -926,6 +926,13 @@ static struct tevent_req *sasl_bind_send(TALLOC_CTX *memctx,
 /* FIXME: Warning, this is a sync call!
 * No async variant exist in openldap libraries yet */
+ if (state->sh == NULL || state->sh->ldap == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Trying LDAP search while not connected.\n");
+ ret = ERR_NETWORK_IO;
+ goto fail;
+ }
+
 ret = ldap_sasl_interactive_bind_s(state->sh->ldap, NULL, sasl_mech, NULL, NULL, LDAP_SASL_QUIET,
@@ -2047,6 +2054,12 @@ static int sdap_rebind_proc(LDAP *ldap, LDAP_CONST char *url, ber_tag_t request,
 struct sasl_bind_state *sasl_bind_state;
 int ret;
+ if (ldap == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Trying LDAP rebind while not connected.\n");
+ return ERR_NETWORK_IO;
+ }
+
 if (p->use_start_tls) {
 ret = synchronous_tls_setup(ldap);
 if (ret != LDAP_SUCCESS) { |
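Review bot: The new debug message in sasl_bind_send reads `"Trying LDAP search while not connected.\n"`, but the call it guards is `ldap_sasl_interactive_bind_s`, so the log names the wrong operation when someone triages a dropped connection; `"Trying LDAP SASL bind while not connected.\n"` would match the code. The guard also stores `ERR_NETWORK_IO` in `ret`, the same variable that receives the LDAP result code of the bind call a few lines later, so the `fail` path can see two kinds of error value. The `fail` label and the rest of the function are outside the hunk, so how that value reaches the caller cannot be checked from here; a short comment at the guard saying which error the request finishes with would settle it.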
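Review bot: The NULL check added to sdap_rebind_proc returns `ERR_NETWORK_IO`, while the rest of the visible body compares `ret` against `LDAP_SUCCESS`, which suggests the function's return value is meant to be an LDAP result code. Its signature looks like a libldap rebind callback, and if that is the case the library receives an SSSD-internal error number that it may report as an unrelated LDAP error. Returning an LDAP code keeps the failure readable in both logs and callers, for example `return LDAP_SERVER_DOWN;`. The function continues past the end of the hunk, so its other return paths are not visible here.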