winbindd/idmap_rfc2307: Fix CID 1273424 - Read from pointer after free
authorRobin Hack <hack.robin@gmail.com>
Wed, 27 Apr 2016 13:10:45 +0000 (15:10 +0200)
committerJeremy Allison <jra@samba.org>
Thu, 28 Apr 2016 18:48:14 +0000 (20:48 +0200)
idmap_rfc2307_ads_search() calls ads_do_search_retry_internal() which
can deallocate ads param based on ads->is_mine boolean.

This approach is fragile, so the caller must check the
return code before dereferencing the pointer.

Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
source3/winbindd/idmap_rfc2307.c

index 3ef10f6b2171b078b80d961446d1c364d404a298..1b5aad9605d25ef90d978cb6c143ee34b9368cd7 100644 (file)
@@ -99,6 +99,11 @@ static NTSTATUS idmap_rfc2307_ads_search(struct idmap_rfc2307_context *ctx,
 
        status = ads_do_search_retry(ctx->ads, bind_path,
                                     LDAP_SCOPE_SUBTREE, expr, attrs, result);
+
+       if (!ADS_ERR_OK(status)) {
+               return ads_ntstatus(status);
+       }
+
        ctx->ldap = ctx->ads->ldap.ld;
        return ads_ntstatus(status);
 }
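Review bot: On the new error path at `if (!ADS_ERR_OK(status))`, the function returns without touching `ctx->ads` or the previously cached `ctx->ldap`, so the context can still hold pointers into a connection the callee may already have freed. The commit message says the free depends on `ads->is_mine`; whether `ctx->ads` is reset anywhere else is not visible in this hunk, and if it is not, the next call through this context could hit the same read-after-free. At minimum the stale handle could be dropped on failure with `ctx->ldap = NULL;`, if no caller relies on it after an error. The ownership rule deserves a comment above the check, e.g. `/* ads_do_search_retry() may free ctx->ads on failure; do not dereference it here */`. The body of idmap_rfc2307_ads_search() starts outside the hunk, so the earlier uses of `ctx->ads` were not reviewed.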