Fix some null pointer dereferences in LDAP auth code

An LDAP URL without a host name such as "ldap://" or without a base DN
such as "ldap://localhost" would cause a crash when reading pg_hba.conf.

If no binddn is configured, an error message might end up trying to print a
null pointer, which could crash on some platforms.

Author: Thomas Munro <thomas.munro@enterprisedb.com>
Reviewed-by: Michael Paquier <michael.paquier@gmail.com>

diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index cb30fc7b7146f055b1115ba318f0fbb8d2a09180..547f1f770aa660892d10431f1b2e764eaeab91f1 100644 (file)
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -2474,7 +2474,8 @@ CheckLDAPAuth(Port *port)
        {
            ereport(LOG,
                    (errmsg("could not perform initial LDAP bind for ldapbinddn \"%s\" on server \"%s\": %s",
-                           port->hba->ldapbinddn, port->hba->ldapserver, ldap_err2string(r))));
+                           port->hba->ldapbinddn ? port->hba->ldapbinddn : "",
+                           port->hba->ldapserver, ldap_err2string(r))));
            pfree(passwd);
            return STATUS_ERROR;
        }

diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c
index ba011b6d61bf97460fb465ac6daef17ca8a6588a..08a1db74a0798962fc4a7a26808186b7165eec32 100644 (file)
--- a/src/backend/libpq/hba.c
+++ b/src/backend/libpq/hba.c
@@ -1721,9 +1721,11 @@ parse_hba_auth_opt(char *name, char *val, HbaLine *hbaline,
            return false;
        }
 
-       hbaline->ldapserver = pstrdup(urldata->lud_host);
+       if (urldata->lud_host)
+           hbaline->ldapserver = pstrdup(urldata->lud_host);
        hbaline->ldapport = urldata->lud_port;
-       hbaline->ldapbasedn = pstrdup(urldata->lud_dn);
+       if (urldata->lud_dn)
+           hbaline->ldapbasedn = pstrdup(urldata->lud_dn);
 
        if (urldata->lud_attrs)
            hbaline->ldapsearchattribute = pstrdup(urldata->lud_attrs[0]);  /* only use first one */