Download raw body.
aldap_parse_page_control(): fix NULL pointer deref
Hi,
This fix handels a NULL pointer dereference in all
aldap_parse_page_control() functions. When the following malloc(3)
call returns a valid pointer the elm pointer is used.
ok?
bye,
Jan
Index: libexec/login_ldap/aldap.c
===================================================================
RCS file: /cvs/src/libexec/login_ldap/aldap.c,v
diff -u -p -r1.4 aldap.c
--- libexec/login_ldap/aldap.c 3 Jul 2026 11:28:31 -0000 1.4
+++ libexec/login_ldap/aldap.c 3 Jul 2026 11:43:40 -0000
@@ -460,7 +460,10 @@ aldap_parse_page_control(struct ber_elem
b.br_wbuf = NULL;
ober_scanf_elements(control, "ss", &oid, &encoded);
ober_set_readbuf(&b, encoded, control->be_next->be_len);
- elm = ober_read_elements(&b, NULL);
+ if ((elm = ober_read_elements(&b, NULL)) == NULL) {
+ ober_free(&b);
+ return NULL;
+ }
if ((page = malloc(sizeof(struct aldap_page_control))) == NULL) {
if (elm != NULL)
Index: usr.bin/ldap/aldap.c
===================================================================
RCS file: /cvs/src/usr.bin/ldap/aldap.c,v
diff -u -p -r1.12 aldap.c
--- usr.bin/ldap/aldap.c 3 Jul 2026 11:28:31 -0000 1.12
+++ usr.bin/ldap/aldap.c 3 Jul 2026 11:43:40 -0000
@@ -460,7 +460,10 @@ aldap_parse_page_control(struct ber_elem
b.br_wbuf = NULL;
ober_scanf_elements(control, "ss", &oid, &encoded);
ober_set_readbuf(&b, encoded, control->be_next->be_len);
- elm = ober_read_elements(&b, NULL);
+ if ((elm = ober_read_elements(&b, NULL)) == NULL) {
+ ober_free(&b);
+ return NULL;
+ }
if ((page = malloc(sizeof(struct aldap_page_control))) == NULL) {
if (elm != NULL)
Index: usr.sbin/ypldap/aldap.c
===================================================================
RCS file: /cvs/src/usr.sbin/ypldap/aldap.c,v
diff -u -p -r1.51 aldap.c
--- usr.sbin/ypldap/aldap.c 3 Jul 2026 11:28:31 -0000 1.51
+++ usr.sbin/ypldap/aldap.c 3 Jul 2026 11:43:40 -0000
@@ -496,7 +496,10 @@ aldap_parse_page_control(struct ber_elem
b.br_wbuf = NULL;
ober_scanf_elements(control, "ss", &oid, &encoded);
ober_set_readbuf(&b, encoded, control->be_next->be_len);
- elm = ober_read_elements(&b, NULL);
+ if ((elm = ober_read_elements(&b, NULL)) == NULL) {
+ ober_free(&b);
+ return NULL;
+ }
if ((page = malloc(sizeof(struct aldap_page_control))) == NULL) {
if (elm != NULL)
aldap_parse_page_control(): fix NULL pointer deref