From 8ad8f9baf00fd7230ba6a47765a287ad2521d51c Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Fri, 3 May 2019 16:56:14 +1200
Subject: [PATCH] dsdb/modules/acl: avoid deref of missing data (CID 1107200)

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
---
 source4/dsdb/samdb/ldb_modules/acl.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index 5d36f85b173..b1bbf936006 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -2170,9 +2170,11 @@ static int acl_search(struct ldb_module *module, struct ldb_request *req)
 	}
 
 	data = talloc_get_type(ldb_module_get_private(ac->module), struct acl_private);
-	if (data != NULL) {
-		ac->userPassword = data->userPassword_support;
+	if (data == NULL) {
+		return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR,
+				 "acl_private data is missing");
 	}
+	ac->userPassword = data->userPassword_support;
 
 	ret = acl_search_update_confidential_attrs(ac, data);
 	if (ret != LDB_SUCCESS) {
-- 
2.47.3