make sure NULL pointers are not dereferenced

[openldap] / servers / slapd / config.c

diff --git a/servers/slapd/config.c b/servers/slapd/config.c
index 34ebb1d25cd4df9f5d2a1b2f604439814aeca354..023520b32c692430808278828b47d4ad3d47f169 100644 (file)
--- a/servers/slapd/config.c
+++ b/servers/slapd/config.c
@@ -1011,12 +1011,14 @@ enum_to_verb(slap_verbmasks *v, slap_mask_t m, struct berval *bv) {
        return -1;
 }
 
+#ifdef HAVE_TLS
 static slap_verbmasks tlskey[] = {
        { BER_BVC("no"),        SB_TLS_OFF },
        { BER_BVC("yes"),       SB_TLS_ON },
        { BER_BVC("critical"),  SB_TLS_CRITICAL },
        { BER_BVNULL, 0 }
 };
+#endif
 
 static slap_verbmasks methkey[] = {
        { BER_BVC("none"),      LDAP_AUTH_NONE },
@@ -1029,7 +1031,6 @@ static slap_verbmasks methkey[] = {
 
 static slap_cf_aux_table bindkey[] = {
        { BER_BVC("uri="), offsetof(slap_bindconf, sb_uri), 'b', 1, NULL },
-       { BER_BVC("starttls="), offsetof(slap_bindconf, sb_tls), 'd', 0, tlskey },
        { BER_BVC("bindmethod="), offsetof(slap_bindconf, sb_method), 'd', 0, methkey },
        { BER_BVC("binddn="), offsetof(slap_bindconf, sb_binddn), 'b', 1, NULL },
        { BER_BVC("credentials="), offsetof(slap_bindconf, sb_cred), 'b', 1, NULL },
@@ -1039,6 +1040,10 @@ static slap_cf_aux_table bindkey[] = {
        { BER_BVC("authcID="), offsetof(slap_bindconf, sb_authcId), 'b', 0, NULL },
        { BER_BVC("authzID="), offsetof(slap_bindconf, sb_authzId), 'b', 1, NULL },
 #ifdef HAVE_TLS
+       { BER_BVC("starttls="), offsetof(slap_bindconf, sb_tls), 'd', 0, tlskey },
+
+#define aux_TLS (bindkey+10)   /* beginning of TLS keywords */
+
        { BER_BVC("tls_cert="), offsetof(slap_bindconf, sb_tls_cert), 's', 1, NULL },
        { BER_BVC("tls_key="), offsetof(slap_bindconf, sb_tls_key), 's', 1, NULL },
        { BER_BVC("tls_cacert="), offsetof(slap_bindconf, sb_tls_cacert), 's', 1, NULL },
@@ -1055,7 +1060,7 @@ static slap_cf_aux_table bindkey[] = {
 int
 slap_cf_aux_table_parse( const char *word, void *dst, slap_cf_aux_table *tab0, LDAP_CONST char *tabmsg )
 {
-       int rc = 0;
+       int rc = SLAP_CONF_UNKNOWN;
        slap_cf_aux_table *tab;
 
        for (tab = tab0; !BER_BVISNULL(&tab->key); tab++ ) {
@@ -1072,11 +1077,13 @@ slap_cf_aux_table_parse( const char *word, void *dst, slap_cf_aux_table *tab0, L
                        case 's':
                                cptr = (char **)((char *)dst + tab->off);
                                *cptr = ch_strdup( val );
+                               rc = 0;
                                break;
 
                        case 'b':
                                bptr = (struct berval *)((char *)dst + tab->off);
                                ber_str2bv( val, 0, 1, bptr );
+                               rc = 0;
                                break;
 
                        case 'd':
@@ -1216,6 +1223,13 @@ slap_cf_aux_table_unparse( void *src, struct berval *bv, slap_cf_aux_table *tab0
 int
 bindconf_parse( const char *word, slap_bindconf *bc )
 {
+#ifdef HAVE_TLS
+       /* Detect TLS config changes explicitly */
+       if ( slap_cf_aux_table_parse( word, bc, aux_TLS, "tls config" ) == 0 ) {
+               bc->sb_tls_do_init = 1;
+               return 0;
+       }
+#endif
        return slap_cf_aux_table_parse( word, bc, bindkey, "bind config" );
 }
 
@@ -1315,6 +1329,8 @@ int bindconf_tls_set( slap_bindconf *bc, LDAP *ld )
        int i, rc, newctx = 0, res = 0;
        char *ptr = (char *)bc, **word;
 
+       bc->sb_tls_do_init = 0;
+
        for (i=0; bindtlsopts[i].opt; i++) {
                word = (char **)(ptr + bindtlsopts[i].offset);
                if ( *word ) {
@@ -1354,6 +1370,11 @@ int bindconf_tls_set( slap_bindconf *bc, LDAP *ld )
 #endif
        if ( newctx ) {
                int opt = 0;
+
+               if ( bc->sb_tls_ctx ) {
+                       SSL_CTX_free( bc->sb_tls_ctx );
+                       bc->sb_tls_ctx = NULL;
+               }
                rc = ldap_set_option( ld, LDAP_OPT_X_TLS_NEWCTX, &opt );
                if ( rc )
                        res = rc;