From 6a3ec7ba6f99b027c4c15a360ef0116fe60a0705 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 15 Sep 2014 14:18:17 +0200
Subject: LDAP: Do not clobber return value when multiple controls are returned

We loop over the array of returned controls and set 'ret' based on the
control value. In case multiple controls were returned, the 'ret'
variable might be clobbered with result of a string-to-int conversion.

Reviewed-by: Pavel Reichl <preichl@redhat.com>
---
 src/providers/ldap/sdap_async_connection.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
index a1f78c02..ca981567 100644
--- a/src/providers/ldap/sdap_async_connection.c
+++ b/src/providers/ldap/sdap_async_connection.c
@@ -833,12 +833,13 @@ static void simple_bind_done(struct sdap_op *op,
                     goto done;
                 }
                 state->ppolicy->expire = strtouint32(nval, NULL, 10);
-                ret = errno;
+                lret = errno;
                 talloc_zfree(nval);
-                if (ret != EOK) {
+                if (lret != EOK) {
                     DEBUG(SSSDBG_MINOR_FAILURE,
                           "Couldn't convert control response "
-                           "to an integer [%s].\n", strerror(ret));
+                           "to an integer [%s].\n", strerror(lret));
+                    ret = ERR_INTERNAL;
                     goto done;
                 }
 
-- 
cgit