From 997d4bcd8e994932ac15c42524bb9f00055ee322 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Thu, 17 Apr 2014 11:16:30 +0200
Subject: LDAP: Check the LDAP handle before using it

As the connection code is async-driven, the LDAP handle might be
invalidated before SSSD attempts to use it. Similar to commit
5fe6ca5e339fd345119752e996c14edf8db57660, this patch adds a NULL check
for the LDAP handle and aborts the request instead of crashing.

Resolves:
https://fedorahosted.org/sssd/ticket/2305
---
 src/providers/ldap/sdap_async_connection.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'src')

diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
index abc5b175..a1f78c02 100644
--- a/src/providers/ldap/sdap_async_connection.c
+++ b/src/providers/ldap/sdap_async_connection.c
@@ -926,6 +926,13 @@ static struct tevent_req *sasl_bind_send(TALLOC_CTX *memctx,
     /* FIXME: Warning, this is a sync call!
      * No async variant exist in openldap libraries yet */
 
+    if (state->sh == NULL || state->sh->ldap == NULL) {
+        DEBUG(SSSDBG_CRIT_FAILURE,
+              "Trying LDAP search while not connected.\n");
+        ret = ERR_NETWORK_IO;
+        goto fail;
+    }
+
     ret = ldap_sasl_interactive_bind_s(state->sh->ldap, NULL,
                                        sasl_mech, NULL, NULL,
                                        LDAP_SASL_QUIET,
@@ -2047,6 +2054,12 @@ static int sdap_rebind_proc(LDAP *ldap, LDAP_CONST char *url, ber_tag_t request,
     struct sasl_bind_state *sasl_bind_state;
     int ret;
 
+    if (ldap == NULL) {
+        DEBUG(SSSDBG_CRIT_FAILURE,
+              "Trying LDAP rebind while not connected.\n");
+        return ERR_NETWORK_IO;
+    }
+
     if (p->use_start_tls) {
         ret = synchronous_tls_setup(ldap);
         if (ret != LDAP_SUCCESS) {
-- 
cgit