4 files changed, 17 insertions, 36 deletions
diff --git a/source4/libcli/cldap/cldap.c b/source4/libcli/cldap/cldap.c
index 41d5f1a06e..71326caa37 100644
--- a/source4/libcli/cldap/cldap.c
+++ b/source4/libcli/cldap/cldap.c
@@ -328,7 +328,10 @@ struct cldap_request *cldap_search_send(struct cldap_socket *cldap,
 	search->attributesonly = False;
 	search->num_attributes = str_list_length(io->in.attributes);
 	search->attributes     = io->in.attributes;
-	search->filter         = io->in.filter;
+	search->tree           = ldb_parse_tree(req, io->in.filter);
+	if (search->tree == NULL) {
+		goto failed;
+	}
 
 	if (!ldap_encode(&msg, &req->encoded)) {
 		DEBUG(0,("Failed to encode cldap message to %s:%d\n",
diff --git a/source4/libcli/ldap/ldap.c b/source4/libcli/ldap/ldap.c
index 2718dd7e34..0d310b4eed 100644
--- a/source4/libcli/ldap/ldap.c
+++ b/source4/libcli/ldap/ldap.c
@@ -152,7 +152,6 @@ BOOL ldap_encode(struct ldap_message *msg, DATA_BLOB *result)
 	}
 	case LDAP_TAG_SearchRequest: {
 		struct ldap_SearchRequest *r = &msg->r.SearchRequest;
-		struct ldb_parse_tree *tree;
 		asn1_push_tag(&data, ASN1_APPLICATION(msg->type));
 		asn1_write_OctetString(&data, r->basedn, strlen(r->basedn));
 		asn1_write_enumerated(&data, r->scope);
@@ -161,14 +160,7 @@ BOOL ldap_encode(struct ldap_message *msg, DATA_BLOB *result)
 		asn1_write_Integer(&data, r->timelimit);
 		asn1_write_BOOLEAN(&data, r->attributesonly);
 
-		tree = ldb_parse_tree(NULL, r->filter);
-
-		if (tree == NULL)
-			return False;
-
-		ldap_push_filter(&data, tree);
-
-		talloc_free(tree);
+		ldap_push_filter(&data, r->tree);
 
 		asn1_push_tag(&data, ASN1_SEQUENCE(0));
 		for (i=0; i<r->num_attributes; i++) {
@@ -176,7 +168,6 @@ BOOL ldap_encode(struct ldap_message *msg, DATA_BLOB *result)
 					       strlen(r->attributes[i]));
 		}
 		asn1_pop_tag(&data);
-
 		asn1_pop_tag(&data);
 		break;
 	}
@@ -413,6 +404,10 @@ static void ldap_decode_response(TALLOC_CTX *mem_ctx,
 	}
 }
 
+
+/*
+  parse the ASN.1 formatted search string into a ldb_parse_tree
+*/
 static struct ldb_parse_tree *ldap_decode_filter_tree(TALLOC_CTX *mem_ctx, 
 						      struct asn1_data *data)
 {
@@ -540,25 +535,6 @@ failed:
 }
 
 
-static BOOL ldap_decode_filter(TALLOC_CTX *mem_ctx, struct asn1_data *data,
-			       const char **filterp)
-{
-	struct ldb_parse_tree *tree;
-
-	tree = ldap_decode_filter_tree(mem_ctx, data);
-	if (tree == NULL) {
-		return False;
-	}
-	*filterp = ldb_filter_from_tree(mem_ctx, tree);
-	talloc_free(tree);
-	if (*filterp == NULL) {
-		return False;
-	}
-	return True;
-}
-
-
-
 static void ldap_decode_attrib(TALLOC_CTX *mem_ctx, struct asn1_data *data,
 			       struct ldap_attribute *attrib)
 {
@@ -674,9 +650,10 @@ BOOL ldap_decode(struct asn1_data *data, struct ldap_message *msg)
 		asn1_read_Integer(data, &r->timelimit);
 		asn1_read_BOOLEAN(data, &r->attributesonly);
 
-		/* Maybe create a TALLOC_CTX for the filter? This can waste
-		 * quite a bit of memory recursing down. */
-		ldap_decode_filter(msg->mem_ctx, data, &r->filter);
+		r->tree = ldap_decode_filter_tree(msg->mem_ctx, data);
+		if (r->tree == NULL) {
+			return False;
+		}
 
 		asn1_start_tag(data, ASN1_SEQUENCE(0));
 
diff --git a/source4/libcli/ldap/ldap.h b/source4/libcli/ldap/ldap.h
index 12d30a2610..a44c249e7a 100644
--- a/source4/libcli/ldap/ldap.h
+++ b/source4/libcli/ldap/ldap.h
@@ -23,7 +23,6 @@
 #define _SMB_LDAP_H
 
 #include "lib/ldb/include/ldb.h"
-#include "lib/ldb/include/ldb_parse.h"
 
 enum ldap_request_tag {
 	LDAP_TAG_BindRequest = 0,
@@ -152,7 +151,7 @@ struct ldap_SearchRequest {
 	uint32_t timelimit;
 	uint32_t sizelimit;
 	BOOL attributesonly;
-	const char *filter;
+	struct ldb_parse_tree *tree;
 	int num_attributes;
 	const char **attributes;
 };
diff --git a/source4/libcli/util/asn1.c b/source4/libcli/util/asn1.c
index 1124cc1701..dff31f6411 100644
--- a/source4/libcli/util/asn1.c
+++ b/source4/libcli/util/asn1.c
@@ -509,9 +509,11 @@ BOOL asn1_read_OctetString(struct asn1_data *data, DATA_BLOB *blob)
 		data->has_error = True;
 		return False;
 	}
-	*blob = data_blob(NULL, len);
+	*blob = data_blob(NULL, len+1);
 	asn1_read(data, blob->data, len);
 	asn1_end_tag(data);
+	blob->length--;
+	blob->data[len] = 0;
 	
 	if (data->has_error) {
 		data_blob_free(blob);