From: Nick Porter <nick@portercomputing.co.uk>
Date: Mon, 29 Aug 2022 07:16:05 +0000 (+0100)
Subject: Check return of ber_scanf() CID #1512416
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1d578522a1957deae66c278bf629920de50db7d9;p=thirdparty%2Ffreeradius-server.git

Check return of ber_scanf() CID #1512416
---

diff --git a/src/listen/ldap_sync/persistent_search.c b/src/listen/ldap_sync/persistent_search.c
index dea77d048e1..f18ece80050 100644
--- a/src/listen/ldap_sync/persistent_search.c
+++ b/src/listen/ldap_sync/persistent_search.c
@@ -246,7 +246,10 @@ int persistent_sync_search_entry(sync_state_t *sync, LDAPMessage *msg, LDAPContr
 	}
 
 	if (ber_peek_tag(ber, &len) == 0x02) {
-		ber_scanf(ber, "i", &change_no);
+		if (ber_scanf(ber, "i", &change_no) == LBER_ERROR) {
+			ERROR("Malformed changeNumber control");
+			goto free_ber;
+		}
 		/*
 		 *	The server has returned a changeNumber, treat it as a new cookie
 		 */
@@ -255,7 +258,7 @@ int persistent_sync_search_entry(sync_state_t *sync, LDAPMessage *msg, LDAPContr
 		if (ldap_sync_cookie_store(sync, sync->cookie, false) < 0) goto error;
 	}
 
-	if (ber_scanf(ber, "}") == LBER_ERROR ) {
+	if (ber_scanf(ber, "}") == LBER_ERROR) {
 		ERROR("Malformed syncStatevalue sequence");
 		goto free_ber;
 	}