From c0070aa587ada9e50dd79ce46d2d70be8e382f88 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 15 Sep 2014 14:18:17 +0200
Subject: LDAP: Do not clobber return value when multiple controls are returned

We loop over the array of returned controls and set 'ret' based on the
control value. In case multiple controls were returned, the 'ret'
variable might be clobbered with result of a string-to-int conversion.

Reviewed-by: Pavel Reichl <preichl@redhat.com>
---
 src/providers/ldap/sdap_async_connection.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
index af4a2aa63..9019cff9f 100644
--- a/src/providers/ldap/sdap_async_connection.c
+++ b/src/providers/ldap/sdap_async_connection.c
@@ -851,12 +851,13 @@ static void simple_bind_done(struct sdap_op *op,
                     goto done;
                 }
                 state->ppolicy->expire = strtouint32(nval, NULL, 10);
-                ret = errno;
+                lret = errno;
                 talloc_zfree(nval);
-                if (ret != EOK) {
+                if (lret != EOK) {
                     DEBUG(SSSDBG_MINOR_FAILURE,
                           "Couldn't convert control response "
-                           "to an integer [%s].\n", strerror(ret));
+                           "to an integer [%s].\n", strerror(lret));
+                    ret = ERR_INTERNAL;
                     goto done;
                 }
 
-- 
cgit