From: Yannick CANN <yannick.cann@sagem.com>
Date: Thu, 6 Oct 2016 13:40:47 +0000 (+0200)
Subject: ldap: Fix crash in case of empty LDAP response for CRL fetch
X-Git-Tag: 5.5.1rc1~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5f97b735549f9ff9719a64074da4282872e23156;p=thirdparty%2Fstrongswan.git

ldap: Fix crash in case of empty LDAP response for CRL fetch

In case of an empty LDAP result during a CRL fetch (for example, due to
a wrong filter attribute in the LDAP URI, or invalid LDAP configuration),
the call to ldap_result2error() with NULL value for "entry" lead to
a crash.

Closes strongswan/strongswan#52.
---

diff --git a/src/libstrongswan/plugins/ldap/ldap_fetcher.c b/src/libstrongswan/plugins/ldap/ldap_fetcher.c
index fe4c555450..635d5fc0e1 100644
--- a/src/libstrongswan/plugins/ldap/ldap_fetcher.c
+++ b/src/libstrongswan/plugins/ldap/ldap_fetcher.c
@@ -93,8 +93,7 @@ static bool parse(LDAP *ldap, LDAPMessage *result, chunk_t *response)
 	}
 	else
 	{
-		DBG1(DBG_LIB, "finding first LDAP entry failed: %s",
-			 ldap_err2string(ldap_result2error(ldap, entry, 0)));
+		DBG1(DBG_LIB, "finding first LDAP entry failed");
 	}
 	return success;
 }