From 053cc6aed4e13693543b38b81564fd787e81cb5d Mon Sep 17 00:00:00 2001 From: Rich Megginson Date: Aug 08 2011 14:40:05 +0000 Subject: Bug 727511 - ldclt SSL search requests are failing with "illegal error number -1" error https://bugzilla.redhat.com/show_bug.cgi?id=727511 Resolves: bug 727511 Bug Description: ldclt SSL search requests are failing with "illegal error number -1" error Reviewed by: me Branch: master Fix Description: Fix coverity NULL deref defect in ldclt_clientauth Platforms tested: RHEL6 x86_64 Flag Day: no Doc impact: no
---
diff --git a/ldap/servers/slapd/tools/ldclt/ldapfct.c b/ldap/servers/slapd/tools/ldclt/ldapfct.c
index cd097d7..23d0a04 100644
--- a/ldap/servers/slapd/tools/ldclt/ldapfct.c
+++ b/ldap/servers/slapd/tools/ldclt/ldapfct.c
@@ -635,7 +635,7 @@ ldclt_get_sec_pwd(PK11SlotInfo *slot, PRBool retry, void *arg)
 }
 static int
-ldclt_clientauth(thread_context *tttctx, const char *path, const char *certname, const char *pwd)
+ldclt_clientauth(thread_context *tttctx, LDAP *ld, const char *path, const char *certname, const char *pwd)
 {
 const char *colon = NULL;
 char *token_name = NULL;
@@ -686,14 +686,14 @@ ldclt_clientauth(thread_context *tttctx, const char *path, const char *certname,
 goto done;
 }
- if ((rc = ldap_set_option(tttctx->ldapCtx, LDAP_OPT_X_TLS_CERTFILE, certname))) {
+ if ((rc = ldap_set_option(ld, LDAP_OPT_X_TLS_CERTFILE, certname))) {
 printf ("ldclt[%d]: T%03d: Cannot ldap_set_option(ld, LDAP_OPT_X_CERTFILE, %s), errno=%d ldaperror=%d:%s\n", mctx.pid, thrdNum, certname, errno, rc, my_ldap_err2string(rc));
 fflush (stdout);
 goto done;
 }
- if ((rc = ldap_set_option(tttctx->ldapCtx, LDAP_OPT_X_TLS_KEYFILE, pwd))) {
+ if ((rc = ldap_set_option(ld, LDAP_OPT_X_TLS_KEYFILE, pwd))) {
 printf ("ldclt[%d]: T%03d: Cannot ldap_set_option(ld, LDAP_OPT_X_KEYFILE, %s), errno=%d ldaperror=%d:%s\n", mctx.pid, thrdNum, pwd, errno, rc, my_ldap_err2string(rc));
 fflush (stdout);
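Review bot: The new `ld` parameter of `ldclt_clientauth` carries an undocumented contract: it has to be a non-NULL handle, because the second hunk hands it straight to `ldap_set_option`, and with OpenLDAP's libldap a NULL handle makes that call change the process-wide defaults instead of failing. Whether `ld` can be NULL at the call site in `connectToLDAP` (third hunk) is not visible from these hunks, so an explicit guard at the top of the function, adapted to its existing error convention, would make the requirement enforceable, e.g. `if (ld == NULL) { rc = -1; goto done; }`. A short comment above the signature such as `/* ld: handle being set up by the caller; must be non-NULL, tttctx->ldapCtx is not consulted here */` would also record why the handle is passed separately. The function body continues outside this hunk.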
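Review bot: The failure message for `LDAP_OPT_X_TLS_KEYFILE` prints `pwd` with `%s`, and the call site in `connectToLDAP` passes `mctx.keydbpin` for that argument, so a failed option call writes the key database PIN to stdout where it can end up in captured test logs. Drop the value from the message: `printf ("ldclt[%d]: T%03d: Cannot ldap_set_option(ld, LDAP_OPT_X_TLS_KEYFILE), errno=%d ldaperror=%d:%s\n", mctx.pid, thrdNum, errno, rc, my_ldap_err2string(rc));`. Both messages also name the options as `LDAP_OPT_X_CERTFILE` and `LDAP_OPT_X_KEYFILE` while the code sets `LDAP_OPT_X_TLS_CERTFILE` and `LDAP_OPT_X_TLS_KEYFILE`, which makes the log text harder to match to the source. The body of `ldclt_clientauth` starts and ends outside this hunk.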
@@ -772,7 +772,7 @@ connectToLDAP(thread_context *tttctx, const char *bufBindDN, const char *bufPass
 goto done;
 }
 if ((mode & CLTAUTH) &&
- (ret = ldclt_clientauth(tttctx, certdir, mctx.cltcertname, mctx.keydbpin))) {
+ (ret = ldclt_clientauth(tttctx, ld, certdir, mctx.cltcertname, mctx.keydbpin))) {
 free(certdir);
 goto done;
 }