diff options
| author | Peter Eisentraut <peter_e@gmx.net> | 2017-11-10 14:21:32 -0500 |
|---|---|---|
| committer | Peter Eisentraut <peter_e@gmx.net> | 2017-11-10 14:27:51 -0500 |
| commit | f9e2885d51bf585bec2d5ffeda4f9e5e1a723f4d (patch) | |
| tree | 9dba9c5106b89fe1b319dd27e3c11798d787f484 /src | |
| parent | d33fc27e8df65e89497b4b50e82900fc2bfd0b14 (diff) | |
| download | postgresql-f9e2885d51bf585bec2d5ffeda4f9e5e1a723f4d.tar.gz postgresql-f9e2885d51bf585bec2d5ffeda4f9e5e1a723f4d.zip | |
Fix some null pointer dereferences in LDAP auth code
An LDAP URL without a host name such as "ldap://" or without a base DN
such as "ldap://localhost" would cause a crash when reading pg_hba.conf.
If no binddn is configured, an error message might end up trying to print a
null pointer, which could crash on some platforms.
Author: Thomas Munro <thomas.munro@enterprisedb.com>
Reviewed-by: Michael Paquier <michael.paquier@gmail.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/backend/libpq/auth.c | 3 | ||||
| -rw-r--r-- | src/backend/libpq/hba.c | 6 |
2 files changed, 6 insertions, 3 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index cb30fc7b714..547f1f770aa 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -2474,7 +2474,8 @@ CheckLDAPAuth(Port *port) { ereport(LOG, (errmsg("could not perform initial LDAP bind for ldapbinddn \"%s\" on server \"%s\": %s", - port->hba->ldapbinddn, port->hba->ldapserver, ldap_err2string(r)))); + port->hba->ldapbinddn ? port->hba->ldapbinddn : "", + port->hba->ldapserver, ldap_err2string(r)))); pfree(passwd); return STATUS_ERROR; } diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c index ba011b6d61b..08a1db74a07 100644 --- a/src/backend/libpq/hba.c +++ b/src/backend/libpq/hba.c @@ -1721,9 +1721,11 @@ parse_hba_auth_opt(char *name, char *val, HbaLine *hbaline, return false; } - hbaline->ldapserver = pstrdup(urldata->lud_host); + if (urldata->lud_host) + hbaline->ldapserver = pstrdup(urldata->lud_host); hbaline->ldapport = urldata->lud_port; - hbaline->ldapbasedn = pstrdup(urldata->lud_dn); + if (urldata->lud_dn) + hbaline->ldapbasedn = pstrdup(urldata->lud_dn); if (urldata->lud_attrs) hbaline->ldapsearchattribute = pstrdup(urldata->lud_attrs[0]); /* only use first one */ |