Properly handle errors from a password change operation

1 files changed, 14 insertions, 8 deletions

diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index 0f260242..cd61a221 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -576,22 +576,28 @@ static void sdap_exop_modify_passwd_done(struct sdap_op *op,
         }
     }
 
+    DEBUG(3, ("ldap_extended_operation result: %s(%d), %s\n",
+              ldap_err2string(state->result), state->result, errmsg));
+
     if (state->result != LDAP_SUCCESS) {
-        state->user_error_message = talloc_strdup(state, errmsg);
-        if (state->user_error_message == NULL) {
-            DEBUG(1, ("talloc_strdup failed.\n"));
+        if (errmsg) {
+            state->user_error_message = talloc_strdup(state, errmsg);
+            if (state->user_error_message == NULL) {
+                DEBUG(1, ("talloc_strdup failed.\n"));
+                ret = ENOMEM;
+                goto done;
+            }
         }
+        ret = EIO;
+        goto done;
     }
 
-    DEBUG(3, ("ldap_extended_operation result: %s(%d), %s\n",
-              ldap_err2string(state->result), state->result, errmsg));
-
-    ret = LDAP_SUCCESS;
+    ret = EOK;
 done:
     ldap_controls_free(response_controls);
     ldap_memfree(errmsg);
 
-    if (ret == LDAP_SUCCESS) {
+    if (ret == EOK) {
         tevent_req_done(req);
     } else {
         tevent_req_error(req, ret);