From: Anoop C S <anoopcs@samba.org>
Date: Tue, 19 May 2026 10:43:40 +0000 (+0530)
Subject: source4/dsdb: Fix NULL dereference in attribute_list_from_class()
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5d919d14f2d43232ab71ed3768d6718a07e32927;p=thirdparty%2Fsamba.git

source4/dsdb: Fix NULL dereference in attribute_list_from_class()

When dsdb_class_by_lDAPDisplayName_ldb_val() returns NULL due
to a missing class in the schema, the result is passed to
attribute_list_from_class() without validation. The function
immediately dereferences sclass when calling dsdb_attribute_list(),
causing a NULL pointer dereference.

Add NULL check at the entry of attribute_list_from_class() and return
NULL for missing schema classes.

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
---

diff --git a/source4/dsdb/schema/schema_query.c b/source4/dsdb/schema/schema_query.c
index aa906d03d4b..9466d3e43da 100644
--- a/source4/dsdb/schema/schema_query.c
+++ b/source4/dsdb/schema/schema_query.c
@@ -322,6 +322,10 @@ static const char **attribute_list_from_class(TALLOC_CTX *mem_ctx,
 	const char **recursive_list;
 	const char **attr_list;
 
+	if (sclass == NULL) {
+		return NULL;
+	}
+
 	this_class_list = dsdb_attribute_list(mem_ctx, sclass, query);
 
 	recursive_list = dsdb_full_attribute_list_internal(mem_ctx, schema,