From 7a1906d92412f32a2e481b1ad4178bed0b87d0ca Mon Sep 17 00:00:00 2001
From: Andrej Gessel <Andrej.Gessel@janztec.com>
Date: Fri, 15 Jun 2018 11:02:15 +0200
Subject: [PATCH] ldb: check return values

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13475

Signed-off-by: Andrej Gessel <Andrej.Gessel@janztec.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 6b52d21e6040699a72aff12fd6ebb34534dcb457)
---
 lib/ldb/ldb_tdb/ldb_index.c  | 7 +++++++
 lib/ldb/ldb_tdb/ldb_search.c | 5 ++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/lib/ldb/ldb_tdb/ldb_index.c b/lib/ldb/ldb_tdb/ldb_index.c
index 290d9b6482b..21d501d4ee5 100644
--- a/lib/ldb/ldb_tdb/ldb_index.c
+++ b/lib/ldb/ldb_tdb/ldb_index.c
@@ -433,6 +433,10 @@ normal_index:
 
 		list->count = el->values[0].length / LTDB_GUID_SIZE;
 		list->dn = talloc_array(list, struct ldb_val, list->count);
+		if (list->dn == NULL) {
+			talloc_free(msg);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
 
 		/*
 		 * The actual data is on msg, due to
@@ -621,6 +625,9 @@ static int ltdb_dn_list_store(struct ldb_module *module, struct ldb_dn *dn,
 	}
 
 	key.dptr = discard_const_p(unsigned char, ldb_dn_get_linearized(dn));
+	if (key.dptr == NULL) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
 	key.dsize = strlen((char *)key.dptr);
 
 	rec = tdb_fetch(ltdb->idxptr->itdb, key);
diff --git a/lib/ldb/ldb_tdb/ldb_search.c b/lib/ldb/ldb_tdb/ldb_search.c
index af7393deda7..fdae4cba62b 100644
--- a/lib/ldb/ldb_tdb/ldb_search.c
+++ b/lib/ldb/ldb_tdb/ldb_search.c
@@ -102,8 +102,11 @@ static int msg_add_distinguished_name(struct ldb_message *msg)
 	el.values = &val;
 	el.flags = 0;
 	val.data = (uint8_t *)ldb_dn_alloc_linearized(msg, msg->dn);
+	if (val.data == NULL) {
+		return -1;
+	}
 	val.length = strlen((char *)val.data);
-	
+
 	ret = msg_add_element(msg, &el, 1);
 	return ret;
 }
-- 
2.47.2