diff options
| author | Nathan Kinder <nkinder@redhat.com> | 2010-09-03 14:04:16 -0700 |
|---|---|---|
| committer | Nathan Kinder <nkinder@redhat.com> | 2010-09-08 10:39:59 -0700 |
| commit | a733cd11e91d956242452ba4dd1d37406bec4aa4 (patch) | |
| tree | 20dcaecda08b540e3aeead461b750ea0c5e1c0b2 | |
| parent | eed34c50e31a1b62a8185096cdbc3d7763125f3a (diff) | |
| download | ds-a733cd11e91d956242452ba4dd1d37406bec4aa4.tar.gz ds-a733cd11e91d956242452ba4dd1d37406bec4aa4.tar.xz ds-a733cd11e91d956242452ba4dd1d37406bec4aa4.zip | |
Bug 630096 - (cov#15446) check return value of ber_scanf()
We were not checking the return value of ber_scanf in the DNA
plug-in when parsing the range transfer response. This checks
the return value and sets the return code to LDAP_PROTOCOL_ERROR
if we were unable to parse the range transfer response.
| -rw-r--r-- | ldap/servers/plugins/dna/dna.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/ldap/servers/plugins/dna/dna.c b/ldap/servers/plugins/dna/dna.c index 558e6138..837b674c 100644 --- a/ldap/servers/plugins/dna/dna.c +++ b/ldap/servers/plugins/dna/dna.c @@ -1604,7 +1604,10 @@ static int dna_request_range(struct configEntry *config_entry, /* Parse response */ if (responsedata) { respber = ber_init(responsedata); - ber_scanf(respber, "{aa}", &lower_str, &upper_str); + if (ber_scanf(respber, "{aa}", &lower_str, &upper_str) == LBER_ERROR) { + ret = LDAP_PROTOCOL_ERROR; + goto bail; + } } /* Fill in upper and lower */ |