diff options
author | Nathan Kinder <nkinder@redhat.com> | 2010-09-15 13:31:24 -0700 |
---|---|---|
committer | Nathan Kinder <nkinder@redhat.com> | 2010-09-15 13:31:24 -0700 |
commit | b83f966e5ce1d5a3e70521b15f92b9f6ba988b1c (patch) | |
tree | c5441d2d834a504e9834e64dcb674ebacad6b4ea /ldap/servers/plugins/acl | |
parent | 470e2c70338440f69b0ab8fc02128fe5f204af3e (diff) | |
download | ds-b83f966e5ce1d5a3e70521b15f92b9f6ba988b1c.tar.gz ds-b83f966e5ce1d5a3e70521b15f92b9f6ba988b1c.tar.xz ds-b83f966e5ce1d5a3e70521b15f92b9f6ba988b1c.zip |
Bug 630097 - (cov#15477) NULL dereference in ACL plug-in code
We need to check if aclpb is NULL before dereferencing it. The
proper thing to do here is to make aclplugin_preop_common() return
an error to the LDAP client and to return 1 since the whole purpose
of this function is to initialize the aclpb. Doing this will avoid
the NULL dereference.
Diffstat (limited to 'ldap/servers/plugins/acl')
-rw-r--r-- | ldap/servers/plugins/acl/aclplugin.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/ldap/servers/plugins/acl/aclplugin.c b/ldap/servers/plugins/acl/aclplugin.c index 873c524e..d54250d5 100644 --- a/ldap/servers/plugins/acl/aclplugin.c +++ b/ldap/servers/plugins/acl/aclplugin.c @@ -205,6 +205,12 @@ aclplugin_preop_common( Slapi_PBlock *pb ) aclpb = acl_get_aclpb ( pb, ACLPB_BINDDN_PBLOCK ); + if (aclpb == NULL) { + slapi_log_error( SLAPI_LOG_ACL, plugin_name, "aclplugin_preop_common: Error: aclpb is NULL\n" ); + slapi_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL, NULL, 0, NULL ); + return 1; + } + /* See if we have initialized already */ if ( aclpb->aclpb_state & ACLPB_INITIALIZED ) goto done; |