From 5c357b462df8f67379cb3d7f69b1684117f569f3 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Aug 29 2013 13:28:18 +0000
Subject: CLDAP: make sure an empty reply is returned on any error


If ipa_cldap_decode() reply is not initialized.

Fixes https://fedorahosted.org/freeipa/ticket/3885

---

diff --git a/daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap_worker.c b/daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap_worker.c
index df7cc11..db4a3d0 100644
--- a/daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap_worker.c
+++ b/daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap_worker.c
@@ -276,13 +276,14 @@ static void ipa_cldap_process(struct ipa_cldap_ctx *ctx,
     LOG_TRACE("CLDAP Request received");
 
     ret = ipa_cldap_netlogon(ctx, req, &reply);
+
+done:
     if (ret != 0) {
         /* bad request, or internal error, return empty reply */
         /* as Windows does per MS-ADTS 6.3.3.3 */
         memset(&reply, 0, sizeof(struct berval));
     }
 
-done:
     ipa_cldap_respond(ctx, req, &reply);
 
     ipa_cldap_free_kvps(&req->kvps);