ldap: Fix crash in case of empty LDAP response for CRL fetch
authorYannick CANN <yannick.cann@sagem.com>
Thu, 6 Oct 2016 13:40:47 +0000 (15:40 +0200)
committerTobias Brunner <tobias@strongswan.org>
Thu, 6 Oct 2016 16:08:51 +0000 (18:08 +0200)
In case of an empty LDAP result during a CRL fetch (for example, due to
a wrong filter attribute in the LDAP URI, or invalid LDAP configuration),
the call to ldap_result2error() with NULL value for "entry" lead to
a crash.

Closes strongswan/strongswan#52.

src/libstrongswan/plugins/ldap/ldap_fetcher.c

index fe4c555..635d5fc 100644 (file)
@@ -93,8 +93,7 @@ static bool parse(LDAP *ldap, LDAPMessage *result, chunk_t *response)
        }
        else
        {
-               DBG1(DBG_LIB, "finding first LDAP entry failed: %s",
-                        ldap_err2string(ldap_result2error(ldap, entry, 0)));
+               DBG1(DBG_LIB, "finding first LDAP entry failed");
        }
        return success;
 }