authorDmitry Antipov <dantipov@cloudlinux.com>2023-05-02 13:43:54 +0300
committerAndrew Bartlett <abartlet@samba.org>2023-05-09 01:59:32 +0000
commit46ae5568fa7b9a96018d0eedadee6400632112ba (patch)
treed9bd16a968cf68eb72cd324b6df568783d718d62
parent5fcb675a8b064aa6b2a2529703ed7911bff3bb04 (diff)
lib:ldb: do not offset against NULL pointer in ldb_ldif_read()
Fix the following error observed running samba.test.registry compiled with clang-17 and UBsan: lib/ldb/common/ldb_ldif.c:881:9: runtime error: applying non-zero offset 137438953440 to null pointer #0 0x7faa0eb3932f in ldb_ldif_read lib/ldb/common/ldb_ldif.c:881 #1 0x7faa0eb3aec6 in ldb_ldif_read_string lib/ldb/common/ldb_ldif.c:1004 #2 0x7faa077ed759 in dsdb_set_schema_from_ldif source4/dsdb/schema/schema_set.c:1113 #3 0x7faa068fcbbf in py_dsdb_set_schema_from_ldif source4/dsdb/pydsdb.c:929 #4 0x7faa1d1d4507 in cfunction_call (/lib64/libpython3.11.so.1.0+0x1d4507) [... a lot of Python calls skipped...] I.e. number of elements should be checked against zero before making an attempt to access an element by index. Signed-off-by: Dmitry Antipov <dantipov@cloudlinux.com> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r--lib/ldb/common/ldb_ldif.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/lib/ldb/common/ldb_ldif.c b/lib/ldb/common/ldb_ldif.c
index 748e44ed2b9..96237dd0abf 100644
--- a/lib/ldb/common/ldb_ldif.c
+++ b/lib/ldb/common/ldb_ldif.c
@@ -878,12 +878,12 @@ struct ldb_ldif *ldb_ldif_read(struct ldb_context *ldb,
continue;
}
- el = &msg->elements[msg->num_elements-1];
-
a = ldb_schema_attribute_by_name(ldb, attr);
+ el = (msg->num_elements > 0
+ ? &msg->elements[msg->num_elements - 1]
+ : NULL);
- if (msg->num_elements > 0 && ldb_attr_cmp(attr, el->name) == 0 &&
- flags == el->flags) {
+ if (el && ldb_attr_cmp(attr, el->name) == 0 && flags == el->flags) {
/* its a continuation */
el->values =
talloc_realloc(msg->elements, el->values,
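Review bot: The ternary that sets `el` carries no comment explaining why NULL is a legitimate value, so a later cleanup could fold it back into the unconditional `&msg->elements[msg->num_elements - 1]`. With `num_elements` at zero that index wraps (the UBSan offset quoted in the commit message is consistent with an unsigned wrap), and the address is formed from an array pointer that may be NULL. I would add `/* no previous element yet: keep el NULL instead of forming &elements[-1] */` above the assignment and spell the test explicitly as `if (el != NULL && ldb_attr_cmp(attr, el->name) == 0 && flags == el->flags) {`. The loop body and the non-continuation branch lie outside the hunk, so it is worth confirming that branch assigns `el` before any dereference now that it can be NULL on entry.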