From c8bfb8eb094e5bb80de8f5fa991910954d47b351 Mon Sep 17 00:00:00 2001
From: Matthias Dieter Wallnöfer <mdw@samba.org>
Date: Fri, 4 May 2012 11:42:14 +0200
Subject: s4:dsdb - always fail if a search filter could not be parsed

A NULL string/expression returns the generic "(objectClass=*)" filter

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
---
 source4/libcli/ldap/ldap_ildap.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'source4/libcli')

diff --git a/source4/libcli/ldap/ldap_ildap.c b/source4/libcli/ldap/ldap_ildap.c
index 10fe8e4916..8b6f8e8ddd 100644
--- a/source4/libcli/ldap/ldap_ildap.c
+++ b/source4/libcli/ldap/ldap_ildap.c
@@ -119,8 +119,12 @@ _PUBLIC_ NTSTATUS ildap_search(struct ldap_connection *conn, const char *basedn,
 		      struct ldb_control ***control_res,
 		      struct ldap_message ***results)
 {
-	struct ldb_parse_tree *tree = ldb_parse_tree(conn, expression);
 	NTSTATUS status;
+	struct ldb_parse_tree *tree = ldb_parse_tree(conn, expression);
+
+	if (tree == NULL) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
 	status = ildap_search_bytree(conn, basedn, scope, tree, attrs,
 				     attributesonly, control_req,
 				     control_res, results);
-- 
cgit