summaryrefslogtreecommitdiff
path: root/source4/libcli/ldap/ldap.c
diff options
context:
space:
mode:
Diffstat (limited to 'source4/libcli/ldap/ldap.c')
-rw-r--r--source4/libcli/ldap/ldap.c25
1 files changed, 21 insertions, 4 deletions
diff --git a/source4/libcli/ldap/ldap.c b/source4/libcli/ldap/ldap.c
index 6a0b86f78b..5a7174b41d 100644
--- a/source4/libcli/ldap/ldap.c
+++ b/source4/libcli/ldap/ldap.c
@@ -949,8 +949,14 @@ BOOL ldap_decode(struct asn1_data *data, struct ldap_message *msg)
r->mechanism = LDAP_AUTH_MECH_SIMPLE;
asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(0));
pwlen = asn1_tag_remaining(data);
+ if (pwlen == -1) {
+ return False;
+ }
if (pwlen != 0) {
char *pw = talloc_size(msg, pwlen+1);
+ if (!pw) {
+ return False;
+ }
asn1_read(data, pw, pwlen);
pw[pwlen] = '\0';
r->creds.password = pw;
@@ -974,6 +980,9 @@ BOOL ldap_decode(struct asn1_data *data, struct ldap_message *msg)
r->creds.SASL.secblob = NULL;
}
asn1_end_tag(data);
+ } else {
+ /* Neither Simple nor SASL bind */
+ return False;
}
asn1_end_tag(data);
break;
@@ -1096,8 +1105,9 @@ BOOL ldap_decode(struct asn1_data *data, struct ldap_message *msg)
ldap_decode_attrib(msg, data, &mod.attrib);
asn1_end_tag(data);
if (!add_mod_to_array_talloc(msg, &mod,
- &r->mods, &r->num_mods))
- break;
+ &r->mods, &r->num_mods)) {
+ return False;
+ }
}
asn1_end_tag(data);
@@ -1146,6 +1156,9 @@ BOOL ldap_decode(struct asn1_data *data, struct ldap_message *msg)
asn1_start_tag(data,
ASN1_APPLICATION_SIMPLE(LDAP_TAG_DelRequest));
len = asn1_tag_remaining(data);
+ if (len == -1) {
+ return False;
+ }
dn = talloc_size(msg, len+1);
if (dn == NULL)
break;
@@ -1179,9 +1192,13 @@ BOOL ldap_decode(struct asn1_data *data, struct ldap_message *msg)
char *newsup;
asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(0));
len = asn1_tag_remaining(data);
+ if (len == -1) {
+ return False;
+ }
newsup = talloc_size(msg, len+1);
- if (newsup == NULL)
- break;
+ if (newsup == NULL) {
+ return False;
+ }
asn1_read(data, newsup, len);
newsup[len] = '\0';
r->newsuperior = newsup;