Fix some null pointer dereferences in LDAP auth code
authorPeter Eisentraut <peter_e@gmx.net>
Fri, 10 Nov 2017 19:21:32 +0000 (14:21 -0500)
committerPeter Eisentraut <peter_e@gmx.net>
Fri, 10 Nov 2017 19:21:32 +0000 (14:21 -0500)
An LDAP URL without a host name such as "ldap://" or without a base DN
such as "ldap://localhost" would cause a crash when reading pg_hba.conf.

If no binddn is configured, an error message might end up trying to print a
null pointer, which could crash on some platforms.

Author: Thomas Munro <thomas.munro@enterprisedb.com>
Reviewed-by: Michael Paquier <michael.paquier@gmail.com>
src/backend/libpq/auth.c
src/backend/libpq/hba.c

index 6505b1f2b9befc58e09df201cf9743ced7c03be9..6c915a728901f1703bdffb41cc74b7bf282e2995 100644 (file)
@@ -2520,7 +2520,8 @@ CheckLDAPAuth(Port *port)
                {
                        ereport(LOG,
                                        (errmsg("could not perform initial LDAP bind for ldapbinddn \"%s\" on server \"%s\": %s",
-                                                       port->hba->ldapbinddn, port->hba->ldapserver,
+                                                       port->hba->ldapbinddn ? port->hba->ldapbinddn : "",
+                                                       port->hba->ldapserver,
                                                        ldap_err2string(r)),
                                         errdetail_for_ldap(ldap)));
                        ldap_unbind(ldap);
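Review bot: `port->hba->ldapserver` on the new line is still passed to `%s` without a guard, while the hba.c change in this same commit now leaves `ldapserver` unset when the LDAP URL has no host. Whether it can be NULL at this point depends on checks outside this hunk (CheckLDAPAuth starts and ends outside it), so this is worth confirming. If an earlier check guarantees a non-NULL server, a one-line comment above the `ereport` saying so would help; otherwise apply the same guard, `port->hba->ldapserver ? port->hba->ldapserver : "",`.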
index 1e97c9db10c54d8e24f458423f530976b62d1977..ca78a7e0bade137262724831ea7efa62305b592d 100644 (file)
@@ -1739,9 +1739,11 @@ parse_hba_auth_opt(char *name, char *val, HbaLine *hbaline,
                        return false;
                }
 
-               hbaline->ldapserver = pstrdup(urldata->lud_host);
+               if (urldata->lud_host)
+                       hbaline->ldapserver = pstrdup(urldata->lud_host);
                hbaline->ldapport = urldata->lud_port;
-               hbaline->ldapbasedn = pstrdup(urldata->lud_dn);
+               if (urldata->lud_dn)
+                       hbaline->ldapbasedn = pstrdup(urldata->lud_dn);
 
                if (urldata->lud_attrs)
                        hbaline->ldapsearchattribute = pstrdup(urldata->lud_attrs[0]);  /* only use first one */
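Review bot: With the two new `if` guards, a URL without a host or base DN leaves `hbaline->ldapserver` and `hbaline->ldapbasedn` at whatever value they already had, and this branch reports nothing. Rejecting such a line then rests on validation outside this hunk (parse_hba_auth_opt starts and ends outside it). That matters because these fields presumably determine which server and search base are used for authentication. If deferring the check is the intent, say so where the fields are set, e.g. `/* host and base DN may be absent from the URL; left unset here and expected to be caught by the mandatory-option checks after parsing */`.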