From bfd8efd68291860e60939211531a24116bea49f5 Mon Sep 17 00:00:00 2001
From: Fredrik Thulin <fredrik@yubico.com>
Date: Thu, 3 Mar 2011 10:58:34 +0100
Subject: [PATCH] Don't segfault on unset LDAP parameters.

When ldapserver / ldap_uri was specified, but not for example
user_attr, authorize_user_token_ldap() used to cause a segmentation
fault.
---
 pam_yubico.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/pam_yubico.c b/pam_yubico.c
index ebadfc2..bb0ff2c 100644
--- a/pam_yubico.c
+++ b/pam_yubico.c
@@ -230,6 +230,19 @@ authorize_user_token_ldap (const char *ldap_uri,
   struct berval **vals;
   int i, rc;
 
+  if (user_attr == NULL) {
+    D (("Trying to look up user to YubiKey mapping in LDAP, but user_attr not set!"));
+    return 0;
+  }
+  if (yubi_attr == NULL) {
+    D (("Trying to look up user to YubiKey mapping in LDAP, but yubi_attr not set!"));
+    return 0;
+  }
+  if (ldapdn == NULL) {
+    D (("Trying to look up user to YubiKey mapping in LDAP, but ldapdn not set!"));
+    return 0;
+  }
+
   /* Allocation of memory for search strings depending on input size */
   char *find = malloc((strlen(user_attr)+strlen(ldapdn)+strlen(user)+3)*sizeof(char));
   char *sr = malloc((strlen(yubi_attr)+4)*sizeof(char));