From e3b76bd6205acfc1a89fbcab5d9588b32cb47b88 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Thu, 28 Jul 2011 15:51:31 +1000
Subject: ldb: fixed a search expression parse bug

when a secondary component of a & or | expression was invalid, it was
ignored rather than giving an error. For example:

 (|(objectclass=user)(samaccountname=foo\blah))

was treated as being:

 (objectclass=user)

whereas it should be an error, as foo\blah is invalid

Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
---
 lib/ldb/common/ldb_parse.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/ldb/common/ldb_parse.c b/lib/ldb/common/ldb_parse.c
index b4eabf8375..8c6c2d993e 100644
--- a/lib/ldb/common/ldb_parse.c
+++ b/lib/ldb/common/ldb_parse.c
@@ -534,8 +534,18 @@ static struct ldb_parse_tree *ldb_parse_filterlist(TALLOC_CTX *mem_ctx, const ch
 
 	while (isspace((unsigned char)*p)) p++;
 
-	while (*p && (next = ldb_parse_filter(ret->u.list.elements, &p))) {
+	while (*p) {
+		if (*p == ')') {
+			break;
+		}
+
+		next = ldb_parse_filter(ret->u.list.elements, &p);
 		struct ldb_parse_tree **e;
+		if (next == NULL) {
+			/* an invalid filter element */
+			talloc_free(ret);
+			return NULL;
+		}
 		e = talloc_realloc(ret, ret->u.list.elements, 
 				     struct ldb_parse_tree *, 
 				     ret->u.list.num_elements + 1);
-- 
cgit