From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 21 May 2018 02:50:50 +0000 (+1200)
Subject: CVE-2018-1140 ldb: Check for ldb_dn_get_casefold() failure in ldb_sqlite
X-Git-Tag: ldb-1.3.5~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7331723918018a40904ab7339b051e7ebb136a6e;p=thirdparty%2Fsamba.git

CVE-2018-1140 ldb: Check for ldb_dn_get_casefold() failure in ldb_sqlite

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13374
---

diff --git a/lib/ldb/ldb_sqlite3/ldb_sqlite3.c b/lib/ldb/ldb_sqlite3/ldb_sqlite3.c
index f94dc993904..0f5abf87547 100644
--- a/lib/ldb/ldb_sqlite3/ldb_sqlite3.c
+++ b/lib/ldb/ldb_sqlite3/ldb_sqlite3.c
@@ -323,6 +323,9 @@ static char *parsetree_to_sql(struct ldb_module *module,
 		 	const char *cdn = ldb_dn_get_casefold(
 						ldb_dn_new(mem_ctx, ldb,
 							      (const char *)value.data));
+			if (cdn == NULL) {
+				return NULL;
+			}
 
 			return lsqlite3_tprintf(mem_ctx,
 						"SELECT eid FROM ldb_entry "