From 243ba589c5a69a42bdae8459bd3e6d2e65853de8 Mon Sep 17 00:00:00 2001
From: Nathan Kinder <nkinder@redhat.com>
Date: Mon, 13 Sep 2010 13:50:42 -0700
Subject: Bug 630097 - (cov#11938) NULL dereference in mmldif

There is a chance that we can deference a NULL pointer in the
mmldif code.  If "(numb > tot_b)" is true, it is not guaranteed
that "a" is non-NULL.  We need to check if "a" is NULL before
dereferencing it in the "(cmp < 0)" case.
---
 ldap/servers/slapd/tools/mmldif.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ldap/servers/slapd/tools/mmldif.c b/ldap/servers/slapd/tools/mmldif.c
index 291702a8..665452cb 100644
--- a/ldap/servers/slapd/tools/mmldif.c
+++ b/ldap/servers/slapd/tools/mmldif.c
@@ -1086,7 +1086,7 @@ addmodified(FILE * edf3, attrib1_t * attrib, record_t * first)
         } else {
             cmp = stricmp(a->name, attribname(b));
         }
-        if (cmp < 0) {
+        if ((cmp < 0) && (a != NULL)) {
             /* a < b: a is deleted */
             attrname = a->name;
             fprintf(edf3, "delete: %s\n-\n", attrname);
-- 
cgit