From 69efbcaa03b99b927806af43752bcd5d667a676d Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 9 Oct 2025 23:03:18 +0200 Subject: [PATCH] ldap: avoid null ptr deref on failure ldap_get_dn() can return NULL on error Reported-by: Joshua Rogers Closes #18988 --- lib/ldap.c | 36 ++++++++++++------------------------ 1 file changed, 12 insertions(+), 24 deletions(-) diff --git a/lib/ldap.c b/lib/ldap.c index be65ea2055..2314bbf585 100644 --- a/lib/ldap.c +++ b/lib/ldap.c @@ -535,7 +535,7 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) /* Get the DN and write it to the client */ { char *name; - size_t name_len; + size_t name_len = 0; #ifdef USE_WIN32_LDAP TCHAR *dn = ldap_get_dn(server, entryIterator); name = curlx_convert_tchar_to_UTF8(dn); @@ -549,32 +549,20 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) #else char *dn = name = ldap_get_dn(server, entryIterator); #endif - name_len = strlen(name); - - result = Curl_client_write(data, CLIENTWRITE_BODY, "DN: ", 4); - if(result) { - FREE_ON_WINLDAP(name); - ldap_memfree(dn); - goto quit; - } - - result = Curl_client_write(data, CLIENTWRITE_BODY, name, name_len); - if(result) { - FREE_ON_WINLDAP(name); - ldap_memfree(dn); - goto quit; + if(!name) + result = CURLE_FAILED_INIT; + else { + name_len = strlen(name); + result = Curl_client_write(data, CLIENTWRITE_BODY, "DN: ", 4); } - - result = Curl_client_write(data, CLIENTWRITE_BODY, "\n", 1); - if(result) { - FREE_ON_WINLDAP(name); - ldap_memfree(dn); - - goto quit; - } - + if(!result) + result = Curl_client_write(data, CLIENTWRITE_BODY, name, name_len); + if(!result) + result = Curl_client_write(data, CLIENTWRITE_BODY, "\n", 1); FREE_ON_WINLDAP(name); ldap_memfree(dn); + if(result) + goto quit; } /* Get the attributes and write them to the client */ -- 2.47.3