lib:ldb: do not offset against NULL pointer in ldb_ldif_read()
authorDmitry Antipov <dantipov@cloudlinux.com>
Tue, 2 May 2023 10:43:54 +0000 (13:43 +0300)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 9 May 2023 01:59:32 +0000 (01:59 +0000)
Fix the following error observed running samba.test.registry
compiled with clang-17 and UBsan:

lib/ldb/common/ldb_ldif.c:881:9: runtime error: applying non-zero offset 137438953440 to null pointer
    #0 0x7faa0eb3932f in ldb_ldif_read lib/ldb/common/ldb_ldif.c:881
    #1 0x7faa0eb3aec6 in ldb_ldif_read_string lib/ldb/common/ldb_ldif.c:1004
    #2 0x7faa077ed759 in dsdb_set_schema_from_ldif source4/dsdb/schema/schema_set.c:1113
    #3 0x7faa068fcbbf in py_dsdb_set_schema_from_ldif source4/dsdb/pydsdb.c:929
    #4 0x7faa1d1d4507 in cfunction_call (/lib64/libpython3.11.so.1.0+0x1d4507)
    [... a lot of Python calls skipped...]

I.e. the number of elements should be checked against zero
before attempting to access an element by index.

Signed-off-by: Dmitry Antipov <dantipov@cloudlinux.com>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib/ldb/common/ldb_ldif.c

index 748e44ed2b98073fa17d4fdb68c5cf2be7ff18ee..96237dd0abf39e2be4a46b0fbd683f8168a19749 100644 (file)
@@ -878,12 +878,12 @@ struct ldb_ldif *ldb_ldif_read(struct ldb_context *ldb,
                        continue;
                }
 
-               el = &msg->elements[msg->num_elements-1];
-
                a = ldb_schema_attribute_by_name(ldb, attr);
+               el = (msg->num_elements > 0
+                     ? &msg->elements[msg->num_elements - 1]
+                     : NULL);
 
-               if (msg->num_elements > 0 && ldb_attr_cmp(attr, el->name) == 0 &&
-                   flags == el->flags) {
+               if (el && ldb_attr_cmp(attr, el->name) == 0 && flags == el->flags) {
                        /* its a continuation */
                        el->values =
                                talloc_realloc(msg->elements, el->values,
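Review bot: The new condition tests the pointer implicitly with `if (el && ...)`, although NULL is now the sentinel for "this message has no elements yet"; an explicit comparison makes that role visible: `if (el != NULL && ldb_attr_cmp(attr, el->name) == 0 && flags == el->flags) {`. A one-line comment above the assignment, such as `/* el stays NULL until the first element exists; only the continuation test may look at it */`, would record the invariant. Before the patch the short-circuit on `msg->num_elements > 0` already prevented a dereference, so the defect was the out-of-range pointer arithmetic itself (the unsigned `num_elements-1` wrapping at zero) rather than an invalid read. The loop body continues past the end of this hunk, including the branch taken when the test fails, so it is worth confirming that `el` is reassigned there before any further use.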