Fix NULL pointer deref bugs

[openldap] / libraries / libldap / kbind.c

diff --git a/libraries/libldap/kbind.c b/libraries/libldap/kbind.c
index 826f8701ceffce254d0832d706b6cdb0432ee11c..191ef01a88dff97b027b9fd2acd74904e31c20cf 100644 (file)
--- a/libraries/libldap/kbind.c
+++ b/libraries/libldap/kbind.c
@@ -1,3 +1,4 @@
+/* $OpenLDAP$ */
 /*
  * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved.
  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
@@ -9,12 +10,33 @@
  *  kbind.c
  */
 
+/*
+ *     BindRequest ::= SEQUENCE {
+ *             version         INTEGER,
+ *             name            DistinguishedName,       -- who
+ *             authentication  CHOICE {
+ *                     simple          [0] OCTET STRING -- passwd
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
+ *                     krbv42ldap      [1] OCTET STRING
+ *                     krbv42dsa       [2] OCTET STRING
+#endif
+ *                     sasl            [3] SaslCredentials     -- LDAPv3
+ *             }
+ *     }
+ *
+ *     BindResponse ::= SEQUENCE {
+ *             COMPONENTS OF LDAPResult,
+ *             serverSaslCreds         OCTET STRING OPTIONAL -- LDAPv3
+ *     }
+ *
+ */
+
 #include "portable.h"
 
-#ifdef HAVE_KERBEROS
+#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
 
 #include <stdio.h>
-#include <stdlib.h>
+#include <ac/stdlib.h>
 
 #include <ac/krb.h>
 #include <ac/socket.h>
@@ -39,24 +61,12 @@ ldap_kerberos_bind1( LDAP *ld, LDAP_CONST char *dn )
 {
        BerElement      *ber;
        char            *cred;
-       int             rc, credlen;
+       int             rc;
+       ber_len_t credlen;
 #ifdef STR_TRANSLATION
        int             str_translation_on;
 #endif /* STR_TRANSLATION */
 
-       /*
-        * The bind request looks like this:
-        *      BindRequest ::= SEQUENCE {
-        *              version         INTEGER,
-        *              name            DistinguishedName,
-        *              authentication  CHOICE {
-        *                      krbv42ldap      [1] OCTET STRING
-        *                      krbv42dsa       [2] OCTET STRING
-        *              }
-        *      }
-        * all wrapped up in an LDAPMessage sequence.
-        */
-
        Debug( LDAP_DEBUG_TRACE, "ldap_kerberos_bind1\n", 0, 0, 0 );
 
        if ( dn == NULL )
@@ -68,7 +78,7 @@ ldap_kerberos_bind1( LDAP *ld, LDAP_CONST char *dn )
        }
 
        /* create a message to send */
-       if ( (ber = ldap_alloc_ber_with_options( ld )) == NULLBER ) {
+       if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
                LDAP_FREE( cred );
                return( -1 );
        }
@@ -145,7 +155,8 @@ ldap_kerberos_bind2( LDAP *ld, LDAP_CONST char *dn )
 {
        BerElement      *ber;
        char            *cred;
-       int             rc, credlen;
+       int             rc;
+       ber_len_t credlen;
 #ifdef STR_TRANSLATION
        int             str_translation_on;
 #endif /* STR_TRANSLATION */
@@ -161,7 +172,7 @@ ldap_kerberos_bind2( LDAP *ld, LDAP_CONST char *dn )
        }
 
        /* create a message to send */
-       if ( (ber = ldap_alloc_ber_with_options( ld )) == NULLBER ) {
+       if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
                LDAP_FREE( cred );
                return( -1 );
        }
@@ -245,7 +256,7 @@ ldap_get_kerberosv4_credentials(
        LDAP *ld,
        LDAP_CONST char *who,
        LDAP_CONST char *service,
-       int *len )
+       ber_len_t *len )
 {
        KTEXT_ST        ktxt;
        int             err;
@@ -262,6 +273,13 @@ ldap_get_kerberosv4_credentials(
                return( NULL );
        }
 
+       if( ! ber_pvt_sb_in_use( &ld->ld_sb ) ) {
+               /* not connected yet */
+               int rc = ldap_open_defconn( ld );
+
+               if( rc < 0 ) return NULL;
+       }
+
        krbinstance = ld->ld_defconn->lconn_krbinstance;
 
        if ( (err = krb_mk_req( &ktxt, service, krbinstance, realm, 0 ))
@@ -285,4 +303,4 @@ ldap_get_kerberosv4_credentials(
 }
 
 #endif /* !AUTHMAN */
-#endif /* HAVE_KERBEROS */
+#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */