From: Daniel Stenberg Date: Sat, 20 Sep 2025 21:53:52 +0000 (+0200) Subject: openldap: check ldap_get_option() return codes X-Git-Tag: rc-8_17_0-1~296 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0c53a5e5dcca82dfa57a209c350c77db1572a7c6;p=thirdparty%2Fcurl.git openldap: check ldap_get_option() return codes Do not just assume that they always work. Reported in Joshua's sarif data Closes #18653 --- diff --git a/lib/openldap.c b/lib/openldap.c index 717739b68d..7d25d18421 100644 --- a/lib/openldap.c +++ b/lib/openldap.c @@ -538,7 +538,8 @@ static CURLcode oldap_ssl_connect(struct Curl_easy *data, ldapstate newstate) Sockbuf *sb; /* Install the libcurl SSL handlers into the sockbuf. */ - ldap_get_option(li->ld, LDAP_OPT_SOCKBUF, &sb); + if(ldap_get_option(li->ld, LDAP_OPT_SOCKBUF, &sb) != LDAP_OPT_SUCCESS) + return CURLE_FAILED_INIT; ber_sockbuf_add_io(sb, &ldapsb_tls, LBER_SBIOD_LEVEL_TRANSPORT, data); li->recv = conn->recv[FIRSTSOCKET]; li->send = conn->send[FIRSTSOCKET]; @@ -951,7 +952,8 @@ static CURLcode oldap_disconnect(struct Curl_easy *data, #ifdef USE_SSL if(ssl_installed(conn)) { Sockbuf *sb; - ldap_get_option(li->ld, LDAP_OPT_SOCKBUF, &sb); + if(ldap_get_option(li->ld, LDAP_OPT_SOCKBUF, &sb) != LDAP_OPT_SUCCESS) + return CURLE_FAILED_INIT; ber_sockbuf_add_io(sb, &ldapsb_tls, LBER_SBIOD_LEVEL_TRANSPORT, data); } #endif @@ -986,7 +988,8 @@ static CURLcode oldap_do(struct Curl_easy *data, bool *done) if(ssl_installed(conn)) { Sockbuf *sb; /* re-install the libcurl SSL handlers into the sockbuf. */ - ldap_get_option(li->ld, LDAP_OPT_SOCKBUF, &sb); + if(ldap_get_option(li->ld, LDAP_OPT_SOCKBUF, &sb) != LDAP_OPT_SUCCESS) + return CURLE_FAILED_INIT; ber_sockbuf_add_io(sb, &ldapsb_tls, LBER_SBIOD_LEVEL_TRANSPORT, data); } #endif