From b9609cedf57b877c805681c94a65676a7960bef8 Mon Sep 17 00:00:00 2001
From: Hallvard Furuseth <hallvard@openldap.org>
Date: Mon, 17 Jan 2011 13:15:27 +0000
Subject: [PATCH] Catch ber errors in vc (Verify Credentials)

---
 contrib/slapd-modules/vc/vc.c | 11 ++++++++---
 libraries/libldap/vc.c        | 27 +++++++++++++++++----------
 2 files changed, 25 insertions(+), 13 deletions(-)

diff --git a/contrib/slapd-modules/vc/vc.c b/contrib/slapd-modules/vc/vc.c
index 1ec01ecdc3..4e61bf5b4a 100644
--- a/contrib/slapd-modules/vc/vc.c
+++ b/contrib/slapd-modules/vc/vc.c
@@ -82,6 +82,9 @@ vc_create_response(
 	*val = NULL;
 
 	ber_init2( ber, NULL, LBER_USE_DER );
+	if ( ber == NULL ) {
+		return -1;
+	}
 
 	(void)ber_printf( ber, "{is" /*}*/ , resultCode, diagnosticMessage ? diagnosticMessage : "" );
 
@@ -130,11 +133,13 @@ vc_create_response(
 		if ( rc == -1 ) goto done;
 	}
 
-	ber_printf( ber, /*{*/ "}" );
+	rc = ber_printf( ber, /*{*/ "}" );
+	if ( rc == -1 ) goto done;
 
 	rc = ber_flatten2( ber, &bv, 0 );
-
-	*val = ber_bvdup( &bv );
+	if ( rc == 0 ) {
+		*val = ber_bvdup( &bv );
+	}
 
 done:;
 	ber_free_buf( ber );
diff --git a/libraries/libldap/vc.c b/libraries/libldap/vc.c
index 47b0b8d758..0fc095cab2 100644
--- a/libraries/libldap/vc.c
+++ b/libraries/libldap/vc.c
@@ -92,7 +92,11 @@ int ldap_parse_verify_credentials(
 			goto done;
 		}
 
-		ber_scanf(ber, "{im" /*"}"*/, &i, &diagmsg_bv);
+		rc = LDAP_DECODING_ERROR;
+
+		if (ber_scanf(ber, "{im" /*"}"*/, &i, &diagmsg_bv) == LBER_ERROR) {
+			goto ber_done;
+		}
 		if ( diagmsg != NULL ) {
 			*diagmsg = LDAP_MALLOC( diagmsg_bv.bv_len + 1 );
 			AC_MEMCPY( *diagmsg, diagmsg_bv.bv_val, diagmsg_bv.bv_len );
@@ -102,13 +106,15 @@ int ldap_parse_verify_credentials(
 
 		tag = ber_peek_tag(ber, &len);
 		if (tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE) {
-			ber_scanf(ber, "O", cookie);
-		    tag = ber_peek_tag(ber, &len);
+			if (ber_scanf(ber, "O", cookie) == LBER_ERROR)
+				goto ber_done;
+			tag = ber_peek_tag(ber, &len);
 		}
 
 		if (tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_SCREDS) {
-			ber_scanf(ber, "O", screds);
-		    tag = ber_peek_tag(ber, &len);
+			if (ber_scanf(ber, "O", screds) == LBER_ERROR)
+				goto ber_done;
+			tag = ber_peek_tag(ber, &len);
 		}
 
 		if (tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_CONTROLS) {
@@ -119,7 +125,7 @@ int ldap_parse_verify_credentials(
 
 			if (!*ctrls) {
 				rc = LDAP_NO_MEMORY;
-				goto done;
+				goto ber_done;
 			}
 
 			*ctrls[nctrls] = NULL;
@@ -144,7 +150,7 @@ int ldap_parse_verify_credentials(
 					ldap_controls_free(*ctrls);
 					*ctrls = NULL;
 				    rc = LDAP_NO_MEMORY;
-				    goto done;
+				    goto ber_done;
 				}
 
 				tctrls[nctrls++] = tctrl;
@@ -154,8 +160,7 @@ int ldap_parse_verify_credentials(
 				if (tag == LBER_ERROR) {
 					*ctrls = NULL;
 					ldap_controls_free(tctrls);
-					rc = LDAP_DECODING_ERROR;
-					goto done;
+					goto ber_done;
 				}
 
 				tag = ber_peek_tag(ber, &len);
@@ -176,6 +181,9 @@ int ldap_parse_verify_credentials(
 			}
 	    }
 
+		rc = LDAP_SUCCESS;
+
+	ber_done:
 	    ber_free(ber, 1);
     }
 
@@ -357,4 +365,3 @@ ldap_verify_credentials_interactive (
     return ld->ld_errno;
 }
 #endif
-
-- 
2.39.5