From 480f8a40e9ff8d7f344faac1a9af64972cf2288a Mon Sep 17 00:00:00 2001

From: Robbie Harwood <rharwood@redhat.com>

Date: Thu, 5 Sep 2019 13:00:27 -0400

Subject: [PATCH] Fix segfault in ipadb_parse_ldap_entry()

lcontext may be NULL here, probably due to a restarted 389ds.  Based on

a patch by Rob Crittenden.

Signed-off-by: Robbie Harwood <rharwood@redhat.com>

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>

---

 daemons/ipa-kdb/ipa_kdb_principals.c | 13 +++++++++++++

 1 file changed, 13 insertions(+)

diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c

index b27612258bbe198154dea5b5d79e551caf9857d1..0fe8e396b9bc011b77b183851389f6c57c70a2c9 100644

--- a/daemons/ipa-kdb/ipa_kdb_principals.c

+++ b/daemons/ipa-kdb/ipa_kdb_principals.c

@@ -21,7 +21,9 @@

  */

 #include "ipa_kdb.h"

+#include "ipa_krb5.h"

 #include <unicase.h>

+#include <syslog.h>

 /*

  * During TGS request search by ipaKrbPrincipalName (case-insensitive)

@@ -554,6 +556,17 @@ static krb5_error_code ipadb_parse_ldap_entry(krb5_context kcontext,

         return KRB5_KDB_DBNOTINITED;

     }

     lcontext = ipactx->lcontext;

+    if (!lcontext) {

+        krb5_klog_syslog(LOG_INFO,

+                         "No LDAP connection in ipadb_parse_ldap_entry(); retrying...\n");

+        ret = ipadb_get_connection(ipactx);

+        if (ret != 0) {

+            krb5_klog_syslog(LOG_ERR,

+                             "No LDAP connection on retry in ipadb_parse_ldap_entry()!\n");

+            kerr = KRB5_KDB_INTERNAL_ERROR;

+            goto done;

+        }

+    }

     entry->magic = KRB5_KDB_MAGIC_NUMBER;

     entry->len = KRB5_KDB_V1_BASE_LENGTH;

-- 

2.20.1