From 6319623ea54435610f573e1a1d7b9bbe7b16e878 Mon Sep 17 00:00:00 2001
From: Nathan Kinder <nkinder@redhat.com>
Date: Tue, 14 Sep 2010 15:45:04 -0700
Subject: Bug 630097 - (cov#15505) NULL dereference in memberOf code

The config parameter is dereferenced before checking if it is NULL
early in memberof_modop_one_replace_r().  Later in the function,
we first check if config is NULL before dereferencing it.  We
should check if config is NULL at the beginning of the function
and bail out before we dereference it.
---
 ldap/servers/plugins/memberof/memberof.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c
index 52948926..50da09a7 100644
--- a/ldap/servers/plugins/memberof/memberof.c
+++ b/ldap/servers/plugins/memberof/memberof.c
@@ -980,6 +980,12 @@ int memberof_modop_one_replace_r(Slapi_PBlock *pb, MemberOfConfig *config,
 	Slapi_Value *to_dn_val = slapi_value_new_string(op_to);
 	Slapi_Value *this_dn_val = slapi_value_new_string(op_this);
 
+	if (config == NULL) {
+		slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
+				"memberof_modop_one_replace_r: NULL config parameter");
+		goto bail;
+	}
+
 	/* determine if this is a group op or single entry */
 	op_to_sdn = slapi_sdn_new_dn_byref(op_to);
 	slapi_search_internal_get_entry( op_to_sdn, config->groupattrs,
@@ -1076,7 +1082,7 @@ int memberof_modop_one_replace_r(Slapi_PBlock *pb, MemberOfConfig *config,
 		"memberof_modop_one_replace_r: %s %s in %s\n"
 		,op_str, op_this, op_to);
 
-	if(config && config->group_filter && !slapi_filter_test_simple(e, config->group_filter))
+	if(config->group_filter && !slapi_filter_test_simple(e, config->group_filter))
 	{
 		/* group */
 		Slapi_Value *ll_dn_val = 0;
-- 
cgit