Blame SOURCES/0052-Ticket-49529-Fix-Coverity-warnings-invalid-deference.patch

b045b9
From 0b5cbcf45f3fb4b03a1f762c5704183787d30696 Mon Sep 17 00:00:00 2001
b045b9
From: Mark Reynolds <mreynolds@redhat.com>
b045b9
Date: Fri, 12 Jan 2018 08:38:22 -0500
b045b9
Subject: [PATCH] Ticket 49529 - Fix Coverity warnings: invalid deferences
b045b9
b045b9
Description:  So many of the warnings were false positives, but
b045b9
              I "fixed" 90% of them anyway for these two reasons:
b045b9
b045b9
              One, it's possible that a future change could actually
b045b9
              result in a NULL pointer being referenced.
b045b9
b045b9
              Two, it would be nice to stop these coverity warnings
b045b9
              so we can focus on real warnings.  Auto waivers also
b045b9
              don't always work as the surrounding code changes.
b045b9
b045b9
https://pagure.io/389-ds-base/issue/49529
b045b9
b045b9
Reviewed by: firstyear (Thanks!)
b045b9
b045b9
(cherry picked from commit 7e27face5ef021d883a44d70bb3e9732b115016f)
b045b9
---
b045b9
 ldap/servers/slapd/abandon.c      | 10 ++++++++--
b045b9
 ldap/servers/slapd/add.c          | 18 +++++++++++++++---
b045b9
 ldap/servers/slapd/bind.c         | 20 +++++++++++++++-----
b045b9
 ldap/servers/slapd/compare.c      | 17 +++++++++++++----
b045b9
 ldap/servers/slapd/connection.c   | 19 +++++++++++++------
b045b9
 ldap/servers/slapd/delete.c       |  4 ++--
b045b9
 ldap/servers/slapd/dn.c           |  7 +++++++
b045b9
 ldap/servers/slapd/entry.c        | 10 +++++++++-
b045b9
 ldap/servers/slapd/extendop.c     |  7 +++++++
b045b9
 ldap/servers/slapd/filter.c       |  6 +++++-
b045b9
 ldap/servers/slapd/modify.c       | 18 ++++++++++++++++--
b045b9
 ldap/servers/slapd/passwd_extop.c |  4 ++++
b045b9
 ldap/servers/slapd/psearch.c      | 13 +++++++++----
b045b9
 ldap/servers/slapd/result.c       | 14 +++++++++++++-
b045b9
 ldap/servers/slapd/search.c       |  5 ++++-
b045b9
 ldap/servers/slapd/task.c         |  5 +++++
b045b9
 16 files changed, 145 insertions(+), 32 deletions(-)
b045b9
b045b9
diff --git a/ldap/servers/slapd/abandon.c b/ldap/servers/slapd/abandon.c
b045b9
index 5c30c972d..e2237e5fc 100644
b045b9
--- a/ldap/servers/slapd/abandon.c
b045b9
+++ b/ldap/servers/slapd/abandon.c
b045b9
@@ -42,10 +42,16 @@ do_abandon(Slapi_PBlock *pb)
b045b9
     slapi_pblock_get(pb, SLAPI_OPERATION, &pb_op);
b045b9
     slapi_pblock_get(pb, SLAPI_CONNECTION, &pb_conn);
b045b9
 
b045b9
-    BerElement *ber = pb_op->o_ber;
b045b9
-
b045b9
     slapi_log_err(SLAPI_LOG_TRACE, "do_abandon", "->\n");
b045b9
 
b045b9
+    if (pb_op == NULL || pb_conn == NULL) {
b045b9
+        slapi_log_err(SLAPI_LOG_ERR, "do_abandon", "NULL param: pb_conn (0x%p) pb_op (0x%p)\n",
b045b9
+                      pb_conn, pb_op);
b045b9
+        return;
b045b9
+    }
b045b9
+
b045b9
+    BerElement *ber = pb_op->o_ber;
b045b9
+
b045b9
     /*
b045b9
      * Parse the abandon request.  It looks like this:
b045b9
      *
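Review bot: The new error message in do_abandon formats pointers as `0x%p` and passes `Connection *` / `Operation *` arguments to it uncast. `%p` expects `void *`, and common C libraries already print their own prefix (and a non-numeric token for NULL), so the line can come out as `0x0x…` or `0x(nil)`. I would write `"NULL param: pb_conn (%p) pb_op (%p)\n", (void *)pb_conn, (void *)pb_op`. The same format is repeated in the do_add, handle_fast_add, do_bind, do_compare, slapi_sdn_copy, do_extended, get_filter_internal, do_modify, op_shared_allow_pw_change and encode_read_entry hunks. do_abandon's body continues outside the hunk.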
b045b9
diff --git a/ldap/servers/slapd/add.c b/ldap/servers/slapd/add.c
b045b9
index 0a4a5d7b2..8f2fdeac8 100644
b045b9
--- a/ldap/servers/slapd/add.c
b045b9
+++ b/ldap/servers/slapd/add.c
b045b9
@@ -66,6 +66,14 @@ do_add(Slapi_PBlock *pb)
b045b9
 
b045b9
     slapi_pblock_get(pb, SLAPI_CONNECTION, &pb_conn);
b045b9
     slapi_pblock_get(pb, SLAPI_OPERATION, &operation);
b045b9
+
b045b9
+
b045b9
+    if (operation == NULL || pb_conn == NULL) {
b045b9
+        slapi_log_err(SLAPI_LOG_ERR, "do_add", "NULL param: pb_conn (0x%p) pb_op (0x%p)\n",
b045b9
+                      pb_conn, operation);
b045b9
+        send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, "param error", 0, NULL);
b045b9
+        return;
b045b9
+    }
b045b9
     ber = operation->o_ber;
b045b9
 
b045b9
     /* count the add request */
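Review bot: The NULL branch in do_add hands the same pblock to `send_ldap_result()`, and this patch does not establish that the reply path copes with a missing connection or operation. The only guard the commit adds in result.c is `conn &&` in the LDAP_REFERRAL case of send_ldap_result_ext, so if that path reads `conn` or `op` anywhere else, the error branch trades one NULL dereference for another. Once that is confirmed, a comment such as `/* send_ldap_result() tolerates a pblock without conn/op */` would record it. The same pattern appears in the handle_fast_add, do_bind, do_compare, do_extended and do_modify hunks. do_add continues outside this hunk.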
b045b9
@@ -450,8 +458,8 @@ op_shared_add(Slapi_PBlock *pb)
b045b9
 
b045b9
         if (!internal_op) {
b045b9
             slapi_log_access(LDAP_DEBUG_STATS, "conn=%" PRIu64 " op=%d ADD dn=\"%s\"%s\n",
b045b9
-                             pb_conn->c_connid,
b045b9
-                             operation->o_opid,
b045b9
+                             pb_conn ? pb_conn->c_connid : -1,
b045b9
+                             operation ? operation->o_opid: -1,
b045b9
                              slapi_entry_get_dn_const(e),
b045b9
                              proxystr ? proxystr : "");
b045b9
         } else {
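Review bot: The `-1` fallback for the connection id is printed through `%" PRIu64 "`, so a missing connection is logged as 18446744073709551615 rather than -1 (assuming `c_connid` is the 64-bit unsigned type the format implies). Anyone parsing or alerting on access logs will read that as a real, very large connection id. A comment on the argument, e.g. `/* UINT64_MAX marks a missing connection */`, or a named constant would make the sentinel deliberate; the same applies to the op_shared_delete hunk and to the `pb_conn` argument in the ps_service_persistent_searches hunk. Minor: `operation->o_opid: -1` is missing the space before the colon. op_shared_add continues outside the hunk.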
b045b9
@@ -865,7 +873,11 @@ handle_fast_add(Slapi_PBlock *pb, Slapi_Entry *entry)
b045b9
     int ret;
b045b9
 
b045b9
     slapi_pblock_get(pb, SLAPI_CONNECTION, &pb_conn);
b045b9
-
b045b9
+    if (pb_conn == NULL){
b045b9
+        slapi_log_err(SLAPI_LOG_ERR, "handle_fast_add", "NULL param: pb_conn (0x%p)\n", pb_conn);
b045b9
+        send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, "param error", 0, NULL);
b045b9
+        return;
b045b9
+    }
b045b9
     be = pb_conn->c_bi_backend;
b045b9
 
b045b9
     if ((be == NULL) || (be->be_wire_import == NULL)) {
b045b9
diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
b045b9
index 4a8e4deaf..a34a21a77 100644
b045b9
--- a/ldap/servers/slapd/bind.c
b045b9
+++ b/ldap/servers/slapd/bind.c
b045b9
@@ -54,11 +54,7 @@ do_bind(Slapi_PBlock *pb)
b045b9
 {
b045b9
     Operation *pb_op = NULL;
b045b9
     Connection *pb_conn = NULL;
b045b9
-
b045b9
-    slapi_pblock_get(pb, SLAPI_OPERATION, &pb_op);
b045b9
-    slapi_pblock_get(pb, SLAPI_CONNECTION, &pb_conn);
b045b9
-
b045b9
-    BerElement *ber = pb_op->o_ber;
b045b9
+    BerElement *ber;
b045b9
     int err, isroot;
b045b9
     ber_tag_t method = LBER_DEFAULT;
b045b9
     ber_int_t version = -1;
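Review bot: `BerElement *ber;` is now declared without an initializer, and the NULL-parameter branch added further down in do_bind jumps to `free_and_return` before `ber = pb_op->o_ber;` runs. The cleanup code at that label is outside the hunk; if it, or anything a later edit adds there, reads `ber`, it reads an indeterminate pointer. Declaring it as `BerElement *ber = NULL;` removes the question, and the same applies to the identical declaration in the do_compare hunk.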
b045b9
@@ -83,6 +79,16 @@ do_bind(Slapi_PBlock *pb)
b045b9
 
b045b9
     slapi_log_err(SLAPI_LOG_TRACE, "do_bind", "=>\n");
b045b9
 
b045b9
+    slapi_pblock_get(pb, SLAPI_OPERATION, &pb_op);
b045b9
+    slapi_pblock_get(pb, SLAPI_CONNECTION, &pb_conn);
b045b9
+    if (pb_op == NULL || pb_conn == NULL) {
b045b9
+        slapi_log_err(SLAPI_LOG_ERR, "do_bind", "NULL param: pb_conn (0x%p) pb_op (0x%p)\n",
b045b9
+                      pb_conn, pb_op);
b045b9
+        send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, NULL, 0, NULL);
b045b9
+        goto free_and_return;
b045b9
+    }
b045b9
+    ber = pb_op->o_ber;
b045b9
+
b045b9
     /*
b045b9
      * Parse the bind request.  It looks like this:
b045b9
      *
b045b9
@@ -856,6 +862,10 @@ log_bind_access(
b045b9
     slapi_pblock_get(pb, SLAPI_OPERATION, &pb_op);
b045b9
     slapi_pblock_get(pb, SLAPI_CONNECTION, &pb_conn);
b045b9
 
b045b9
+    if (pb_op == NULL || pb_conn == NULL) {
b045b9
+        return;
b045b9
+    }
b045b9
+
b045b9
     if (method == LDAP_AUTH_SASL && saslmech && msg) {
b045b9
         slapi_log_access(LDAP_DEBUG_STATS,
b045b9
                          "conn=%" PRIu64 " op=%d BIND dn=\"%s\" "
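Review bot: The new guard in log_bind_access returns without writing anything, so a BIND whose pblock lacks a connection or operation leaves no trace in either the access log or the error log. Most of the other checks in this commit log at SLAPI_LOG_ERR, and bind records are what auditing relies on, so I would add `slapi_log_err(SLAPI_LOG_ERR, "log_bind_access", "NULL param: pb_conn (%p) pb_op (%p)\n", (void *)pb_conn, (void *)pb_op);` before the `return;`. The function body starts and ends outside the hunk.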
b045b9
diff --git a/ldap/servers/slapd/compare.c b/ldap/servers/slapd/compare.c
b045b9
index 9bc6b693a..2626d91d0 100644
b045b9
--- a/ldap/servers/slapd/compare.c
b045b9
+++ b/ldap/servers/slapd/compare.c
b045b9
@@ -35,10 +35,7 @@ do_compare(Slapi_PBlock *pb)
b045b9
 {
b045b9
     Operation *pb_op = NULL;
b045b9
     Connection *pb_conn = NULL;
b045b9
-    slapi_pblock_get(pb, SLAPI_OPERATION, &pb_op);
b045b9
-    slapi_pblock_get(pb, SLAPI_CONNECTION, &pb_conn);
b045b9
-
b045b9
-    BerElement *ber = pb_op->o_ber;
b045b9
+    BerElement *ber;
b045b9
     char *rawdn = NULL;
b045b9
     const char *dn = NULL;
b045b9
     struct ava ava = {0};
b045b9
@@ -50,6 +47,18 @@ do_compare(Slapi_PBlock *pb)
b045b9
 
b045b9
     slapi_log_err(SLAPI_LOG_TRACE, "do_compare", "=>\n");
b045b9
 
b045b9
+    slapi_pblock_get(pb, SLAPI_OPERATION, &pb_op);
b045b9
+    slapi_pblock_get(pb, SLAPI_CONNECTION, &pb_conn);
b045b9
+
b045b9
+    if (pb_op == NULL || pb_conn == NULL) {
b045b9
+        slapi_log_err(SLAPI_LOG_ERR, "do_compare", "NULL param: pb_conn (0x%p) pb_op (0x%p)\n",
b045b9
+                      pb_conn, pb_op);
b045b9
+        send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, NULL, 0, NULL);
b045b9
+        goto free_and_return;
b045b9
+    }
b045b9
+
b045b9
+    ber = pb_op->o_ber;
b045b9
+
b045b9
     /* count the compare request */
b045b9
     slapi_counter_increment(g_get_global_snmp_vars()->ops_tbl.dsCompareOps);
b045b9
 
b045b9
diff --git a/ldap/servers/slapd/connection.c b/ldap/servers/slapd/connection.c
b045b9
index 8ef115691..fa24ec040 100644
b045b9
--- a/ldap/servers/slapd/connection.c
b045b9
+++ b/ldap/servers/slapd/connection.c
b045b9
@@ -1518,7 +1518,7 @@ connection_threadmain()
b045b9
         }
b045b9
 
b045b9
         if (!thread_turbo_flag && !more_data) {
b045b9
-	    Connection *pb_conn = NULL;
b045b9
+	        Connection *pb_conn = NULL;
b045b9
 
b045b9
             /* If more data is left from the previous connection_read_operation,
b045b9
                we should finish the op now.  Client might be thinking it's
b045b9
@@ -1530,6 +1530,13 @@ connection_threadmain()
b045b9
              * Connection wait for new work provides the conn and op for us.
b045b9
              */
b045b9
             slapi_pblock_get(pb, SLAPI_CONNECTION, &pb_conn);
b045b9
+            if (pb_conn == NULL) {
b045b9
+                slapi_log_err(SLAPI_LOG_ERR, "connection_threadmain",
b045b9
+                              "pb_conn is NULL\n");
b045b9
+                slapi_pblock_destroy(pb);
b045b9
+                g_decr_active_threadcnt();
b045b9
+                return;
b045b9
+            }
b045b9
 
b045b9
             switch (ret) {
b045b9
             case CONN_NOWORK:
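Review bot: The `pb_conn == NULL` check sits before `switch (ret)`, so it applies to every return code, including `CONN_NOWORK` in the case right below it. Whether SLAPI_CONNECTION is set on the no-work or shutdown paths is not visible here. If it is not, an idle wakeup would now destroy the pblock and end this worker thread for good, shrinking the pool each time it happens. I would move the check into the case(s) that actually dereference `pb_conn`, or at least document the assumption with `/* conn is set for every ret value, including CONN_NOWORK */`. The loop and the rest of connection_threadmain are outside the hunk.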
b045b9
@@ -1702,11 +1709,11 @@ connection_threadmain()
b045b9
                  * so need locking from here on */
b045b9
                 signal_listner();
b045b9
                 /* with nunc-stans, I see an enormous amount of time spent in the poll() in
b045b9
- * connection_read_operation() when the below code is enabled - not sure why
b045b9
- * nunc-stans makes such a huge difference - for now, just disable this code
b045b9
- * when using nunc-stans - it is supposed to be an optimization but turns out
b045b9
- * to not be the opposite with nunc-stans
b045b9
- */
b045b9
+                 * connection_read_operation() when the below code is enabled - not sure why
b045b9
+                 * nunc-stans makes such a huge difference - for now, just disable this code
b045b9
+                 * when using nunc-stans - it is supposed to be an optimization but turns out
b045b9
+                 * to not be the opposite with nunc-stans
b045b9
+                 */
b045b9
             } else if (!enable_nunc_stans) { /* more data in conn - just put back on work_q - bypass poll */
b045b9
                 bypasspollcnt++;
b045b9
                 PR_EnterMonitor(conn->c_mutex);
b045b9
diff --git a/ldap/servers/slapd/delete.c b/ldap/servers/slapd/delete.c
b045b9
index ba238b18f..49cdab138 100644
b045b9
--- a/ldap/servers/slapd/delete.c
b045b9
+++ b/ldap/servers/slapd/delete.c
b045b9
@@ -262,8 +262,8 @@ op_shared_delete(Slapi_PBlock *pb)
b045b9
             slapi_pblock_get(pb, SLAPI_CONNECTION, &pb_conn);
b045b9
             slapi_pblock_get(pb, SLAPI_OPERATION, &pb_op);
b045b9
             slapi_log_access(LDAP_DEBUG_STATS, "conn=%" PRIu64 " op=%d DEL dn=\"%s\"%s\n",
b045b9
-                             pb_conn->c_connid,
b045b9
-                             pb_op->o_opid,
b045b9
+                             pb_conn ? pb_conn->c_connid : -1,
b045b9
+                             pb_op ? pb_op->o_opid : -1,
b045b9
                              slapi_sdn_get_dn(sdn),
b045b9
                              proxystr ? proxystr : "");
b045b9
         } else {
b045b9
diff --git a/ldap/servers/slapd/dn.c b/ldap/servers/slapd/dn.c
b045b9
index afca37214..abc155533 100644
b045b9
--- a/ldap/servers/slapd/dn.c
b045b9
+++ b/ldap/servers/slapd/dn.c
b045b9
@@ -2477,6 +2477,13 @@ slapi_sdn_copy(const Slapi_DN *from, Slapi_DN *to)
b045b9
 {
b045b9
     SDN_DUMP(from, "slapi_sdn_copy from");
b045b9
     SDN_DUMP(to, "slapi_sdn_copy to");
b045b9
+
b045b9
+    if (to == NULL || from == NULL){
b045b9
+        slapi_log_err(SLAPI_LOG_ERR, "slapi_sdn_copy",
b045b9
+                      "NULL param: from (0x%p) to (0x%p)\n", from, to);
b045b9
+        return;
b045b9
+    }
b045b9
+
b045b9
     slapi_sdn_done(to);
b045b9
     if (from->udn) {
b045b9
         to->flag = slapi_setbit_uchar(to->flag, FLAG_UDN);
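Review bot: The NULL check in slapi_sdn_copy comes after `SDN_DUMP(from, …)` and `SDN_DUMP(to, …)`, so whatever those macros do with the pointers happens before the guard. Their definition is not in the hunk; if they expand to code that reads the DN in debug builds, the check is too late there. Moving the `if (to == NULL || from == NULL)` block above the two SDN_DUMP lines costs nothing. The function continues past the end of the hunk.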
b045b9
diff --git a/ldap/servers/slapd/entry.c b/ldap/servers/slapd/entry.c
b045b9
index fbbc8faa0..32828b4e2 100644
b045b9
--- a/ldap/servers/slapd/entry.c
b045b9
+++ b/ldap/servers/slapd/entry.c
b045b9
@@ -1998,6 +1998,10 @@ slapi_entry_dup(const Slapi_Entry *e)
b045b9
     struct attrs_in_extension *aiep;
b045b9
 
b045b9
     PR_ASSERT(NULL != e);
b045b9
+    if (e == NULL){
b045b9
+        slapi_log_err(SLAPI_LOG_ERR, "slapi_entry_dup", "entry is NULL\n");
b045b9
+        return NULL;
b045b9
+    }
b045b9
 
b045b9
     ec = slapi_entry_alloc();
b045b9
 
b045b9
@@ -3660,7 +3664,11 @@ delete_values_sv_internal(
b045b9
     Slapi_Attr *a;
b045b9
     int retVal = LDAP_SUCCESS;
b045b9
 
b045b9
-/*
b045b9
+    if (e == NULL){
b045b9
+        slapi_log_err(SLAPI_LOG_ERR, "delete_values_sv_internal", "entry is NULL\n");
b045b9
+        return LDAP_OPERATIONS_ERROR;
b045b9
+    }
b045b9
+    /*
b045b9
      * If type is in the protected_attrs_all list, we could ignore the failure,
b045b9
      * as the attribute could only exist in the entry in the memory when the
b045b9
      * add/mod operation is done, while the retried entry from the db does not
b045b9
diff --git a/ldap/servers/slapd/extendop.c b/ldap/servers/slapd/extendop.c
b045b9
index 1594a8c9c..815949be6 100644
b045b9
--- a/ldap/servers/slapd/extendop.c
b045b9
+++ b/ldap/servers/slapd/extendop.c
b045b9
@@ -219,6 +219,13 @@ do_extended(Slapi_PBlock *pb)
b045b9
     slapi_pblock_get(pb, SLAPI_OPERATION, &pb_op);
b045b9
     slapi_pblock_get(pb, SLAPI_CONNECTION, &pb_conn);
b045b9
 
b045b9
+    if (pb_conn == NULL || pb_op == NULL) {
b045b9
+        send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, "param error", 0, NULL);
b045b9
+        slapi_log_err(SLAPI_LOG_ERR, "do_extended",
b045b9
+                      "NULL param error: conn (0x%p) op (0x%p)\n", pb_conn, pb_op);
b045b9
+        goto free_and_return;
b045b9
+    }
b045b9
+
b045b9
     /*
b045b9
      * Parse the extended request. It looks like this:
b045b9
      *
b045b9
diff --git a/ldap/servers/slapd/filter.c b/ldap/servers/slapd/filter.c
b045b9
index fe3525f34..ef975e679 100644
b045b9
--- a/ldap/servers/slapd/filter.c
b045b9
+++ b/ldap/servers/slapd/filter.c
b045b9
@@ -292,7 +292,11 @@ get_filter_internal(Connection *conn, BerElement *ber, struct slapi_filter **fil
b045b9
 
b045b9
     case LDAP_FILTER_EXTENDED:
b045b9
         slapi_log_err(SLAPI_LOG_FILTER, "get_filter_internal", "EXTENDED\n");
b045b9
-        if (conn->c_ldapversion < 3) {
b045b9
+        if (conn == NULL) {
b045b9
+            slapi_log_err(SLAPI_LOG_ERR, "get_filter_internal",
b045b9
+                          "NULL param: conn (0x%p)\n", conn);
b045b9
+            err = LDAP_OPERATIONS_ERROR;
b045b9
+        } else if (conn->c_ldapversion < 3) {
b045b9
             slapi_log_err(SLAPI_LOG_ERR, "get_filter_internal",
b045b9
                           "Extensible filter received from v2 client\n");
b045b9
             err = LDAP_PROTOCOL_ERROR;
b045b9
diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c
b045b9
index 0dcac646b..10d263159 100644
b045b9
--- a/ldap/servers/slapd/modify.c
b045b9
+++ b/ldap/servers/slapd/modify.c
b045b9
@@ -122,9 +122,16 @@ do_modify(Slapi_PBlock *pb)
b045b9
     slapi_log_err(SLAPI_LOG_TRACE, "do_modify", "=>\n");
b045b9
 
b045b9
     slapi_pblock_get(pb, SLAPI_OPERATION, &operation);
b045b9
-    ber = operation->o_ber;
b045b9
-
b045b9
     slapi_pblock_get(pb, SLAPI_CONNECTION, &pb_conn);
b045b9
+    if (operation == NULL) {
b045b9
+        send_ldap_result(pb, LDAP_OPERATIONS_ERROR,
b045b9
+                         NULL, "operation is NULL parameter", 0, NULL);
b045b9
+        slapi_log_err(SLAPI_LOG_ERR, "do_modify",
b045b9
+            "NULL param:  pb_conn (0x%p) operation (0x%p)\n", pb_conn, operation);
b045b9
+        return;
b045b9
+    }
b045b9
+
b045b9
+    ber = operation->o_ber;
b045b9
 
b045b9
     /* count the modify request */
b045b9
     slapi_counter_increment(g_get_global_snmp_vars()->ops_tbl.dsModifyEntryOps);
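Review bot: The guard in do_modify tests only `operation`, although the log line prints `pb_conn` as well and the do_add, do_bind and do_compare hunks test both. If the rest of do_modify (outside the hunk) dereferences `pb_conn`, that path is still unprotected; `if (operation == NULL || pb_conn == NULL) {` would match the sibling handlers. The client-visible text `"operation is NULL parameter"` also differs from the `"param error"` string used in do_add.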
b045b9
@@ -1165,6 +1172,13 @@ op_shared_allow_pw_change(Slapi_PBlock *pb, LDAPMod *mod, char **old_pw, Slapi_M
b045b9
     internal_op = operation_is_flag_set(operation, OP_FLAG_INTERNAL);
b045b9
     slapi_pblock_get(pb, SLAPI_CONNECTION, &pb_conn);
b045b9
 
b045b9
+    if (pb_conn == NULL || operation == NULL) {
b045b9
+        slapi_log_err(SLAPI_LOG_ERR, "op_shared_allow_pw_change",
b045b9
+                      "NULL param error: conn (0x%p) op (0x%p)\n", pb_conn, operation);
b045b9
+        rc = -1;
b045b9
+        goto done;
b045b9
+    }
b045b9
+
b045b9
     slapi_sdn_init_dn_byref(&sdn, dn);
b045b9
     pwpolicy = new_passwdPolicy(pb, (char *)slapi_sdn_get_ndn(&sdn));
b045b9
 
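Review bot: The check for `operation == NULL` in op_shared_allow_pw_change comes after `operation_is_flag_set(operation, OP_FLAG_INTERNAL)` on the context line above it, so the pointer has already been handed on by the time it is tested. The branch also jumps to `done` before `slapi_sdn_init_dn_byref(&sdn, dn)` has run; the label is outside the hunk, so it needs checking that the cleanup there does not touch an uninitialised `sdn` or `pwpolicy`. Since this function decides whether a password change is allowed, I would test `operation` before the `operation_is_flag_set` call and keep the `pb_conn` test where it is.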
b045b9
diff --git a/ldap/servers/slapd/passwd_extop.c b/ldap/servers/slapd/passwd_extop.c
b045b9
index 54a9a6716..40145af2e 100644
b045b9
--- a/ldap/servers/slapd/passwd_extop.c
b045b9
+++ b/ldap/servers/slapd/passwd_extop.c
b045b9
@@ -486,6 +486,10 @@ passwd_modify_extop(Slapi_PBlock *pb)
b045b9
     /* Allow password modify only for SSL/TLS established connections and
b045b9
      * connections using SASL privacy layers */
b045b9
     slapi_pblock_get(pb, SLAPI_CONNECTION, &conn;;
b045b9
+    if (conn == NULL) {
b045b9
+        slapi_log_err(SLAPI_LOG_ERR, "passwd_modify_extop", "conn is NULL");
b045b9
+        goto free_and_return;
b045b9
+    }
b045b9
     if (slapi_pblock_get(pb, SLAPI_CONN_SASL_SSF, &sasl_ssf) != 0) {
b045b9
         errMesg = "Could not get SASL SSF from connection\n";
b045b9
         rc = LDAP_OPERATIONS_ERROR;
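Review bot: The `conn == NULL` branch in passwd_modify_extop jumps to `free_and_return` without setting `rc` or `errMesg`, unlike the SASL SSF failure right below it, which sets both. The label and the initial value of `rc` are outside the hunk; if `rc` still holds a success code at this point, the client could be told a password-modify request succeeded when nothing was done. I would add `rc = LDAP_OPERATIONS_ERROR;` and an `errMesg` assignment before the `goto`. The log string `"conn is NULL"` is also missing the trailing `\n` that the other messages in this commit carry.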
b045b9
diff --git a/ldap/servers/slapd/psearch.c b/ldap/servers/slapd/psearch.c
b045b9
index e0dd2bf89..1bf062954 100644
b045b9
--- a/ldap/servers/slapd/psearch.c
b045b9
+++ b/ldap/servers/slapd/psearch.c
b045b9
@@ -271,6 +271,11 @@ ps_send_results(void *arg)
b045b9
     slapi_pblock_get(ps->ps_pblock, SLAPI_CONNECTION, &pb_conn);
b045b9
     slapi_pblock_get(ps->ps_pblock, SLAPI_OPERATION, &pb_op);
b045b9
 
b045b9
+    if (pb_conn == NULL) {
b045b9
+        slapi_log_err(SLAPI_LOG_ERR, "ps_send_results", "pb_conn is NULL\n");
b045b9
+        return;
b045b9
+    }
b045b9
+
b045b9
     /* need to acquire a reference to this connection so that it will not
b045b9
        be released or cleaned up out from under us */
b045b9
     PR_EnterMonitor(pb_conn->c_mutex);
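Review bot: The early `return;` added to ps_send_results leaves the function before any of its exit code runs. The tail of the function is outside the hunk; if it releases `ps`, destroys `ps->ps_pblock` or adjusts a thread counter (the connection_threadmain hunk in this commit calls `g_decr_active_threadcnt()` before its own early return), this path skips all of that. A jump to the function's existing cleanup, or a comment stating why none is needed here, would settle it.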
b045b9
@@ -280,7 +285,7 @@ ps_send_results(void *arg)
b045b9
     if (conn_acq_flag) {
b045b9
         slapi_log_err(SLAPI_LOG_CONNS, "ps_send_results",
b045b9
                       "conn=%" PRIu64 " op=%d Could not acquire the connection - psearch aborted\n",
b045b9
-                      pb_conn->c_connid, pb_op->o_opid);
b045b9
+                      pb_conn->c_connid, pb_op ? pb_op->o_opid : -1);
b045b9
     }
b045b9
 
b045b9
     PR_Lock(psearch_list->pl_cvarlock);
b045b9
@@ -290,7 +295,7 @@ ps_send_results(void *arg)
b045b9
         if (pb_op == NULL || slapi_op_abandoned(ps->ps_pblock)) {
b045b9
             slapi_log_err(SLAPI_LOG_CONNS, "ps_send_results",
b045b9
                           "conn=%" PRIu64 " op=%d The operation has been abandoned\n",
b045b9
-                          pb_conn->c_connid, pb_op->o_opid);
b045b9
+                          pb_conn->c_connid, pb_op ? pb_op->o_opid : -1);
b045b9
             break;
b045b9
         }
b045b9
         if (NULL == ps->ps_eq_head) {
b045b9
@@ -532,7 +537,7 @@ ps_service_persistent_searches(Slapi_Entry *e, Slapi_Entry *eprev, ber_int_t chg
b045b9
         slapi_log_err(SLAPI_LOG_CONNS, "ps_service_persistent_searches",
b045b9
                       "conn=%" PRIu64 " op=%d entry %s with chgtype %d "
b045b9
                       "matches the ps changetype %d\n",
b045b9
-                      pb_conn->c_connid,
b045b9
+                      pb_conn ? pb_conn->c_connid : -1,
b045b9
                       pb_op->o_opid,
b045b9
                       edn, chgtype, ps->ps_changetypes);
b045b9
 
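Review bot: In this slapi_log_err call `pb_conn` gets a NULL guard while `pb_op->o_opid` on the very next argument line is still dereferenced unconditionally. The ps_send_results hunks in the same file use `pb_op ? pb_op->o_opid : -1`; the same expression here would keep the two arguments consistent. How `pb_conn` and `pb_op` are obtained in ps_service_persistent_searches is outside the hunk.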
b045b9
@@ -609,7 +614,7 @@ ps_service_persistent_searches(Slapi_Entry *e, Slapi_Entry *eprev, ber_int_t chg
b045b9
         /* Turn 'em loose */
b045b9
         ps_wakeup_all();
b045b9
         slapi_log_err(SLAPI_LOG_TRACE, "ps_service_persistent_searches", "Enqueued entry "
b045b9
-                                                                         "\"%s\" on %d persistent search lists\n",
b045b9
+                      "\"%s\" on %d persistent search lists\n",
b045b9
                       slapi_entry_get_dn_const(e), matched);
b045b9
     } else {
b045b9
         slapi_log_err(SLAPI_LOG_TRACE, "ps_service_persistent_searches",
b045b9
diff --git a/ldap/servers/slapd/result.c b/ldap/servers/slapd/result.c
b045b9
index 2302ae96b..ce394d948 100644
b045b9
--- a/ldap/servers/slapd/result.c
b045b9
+++ b/ldap/servers/slapd/result.c
b045b9
@@ -396,7 +396,7 @@ send_ldap_result_ext(
b045b9
         break;
b045b9
 
b045b9
     case LDAP_REFERRAL:
b045b9
-        if (conn->c_ldapversion > LDAP_VERSION2) {
b045b9
+        if (conn && conn->c_ldapversion > LDAP_VERSION2) {
b045b9
             tag = LDAP_TAG_REFERRAL;
b045b9
             break;
b045b9
         }
b045b9
@@ -645,6 +645,11 @@ process_read_entry_controls(Slapi_PBlock *pb, char *oid)
b045b9
         BerElement *req_ber = NULL;
b045b9
         Operation *op = NULL;
b045b9
         slapi_pblock_get(pb, SLAPI_OPERATION, &op);
b045b9
+        if (op == NULL) {
b045b9
+            slapi_log_err(SLAPI_LOG_ERR, "process_read_entry_controls", "op is NULL\n");
b045b9
+            rc = -1;
b045b9
+            goto done;
b045b9
+        }
b045b9
 
b045b9
         if (strcmp(oid, LDAP_CONTROL_PRE_READ_ENTRY) == 0) {
b045b9
             /* first verify this is the correct operation for a pre-read entry control */
b045b9
@@ -2145,6 +2150,13 @@ encode_read_entry(Slapi_PBlock *pb, Slapi_Entry *e, char **attrs, int alluseratt
b045b9
     slapi_pblock_get(pb, SLAPI_OPERATION, &op);
b045b9
     slapi_pblock_get(pb, SLAPI_CONNECTION, &conn;;
b045b9
 
b045b9
+    if (conn == NULL || op == NULL) {
b045b9
+        slapi_log_err(SLAPI_LOG_ERR, "encode_read_entry",
b045b9
+                      "NULL param error: conn (0x%p) op (0x%p)\n", conn, op);
b045b9
+        rc = -1;
b045b9
+        goto cleanup;
b045b9
+    }
b045b9
+
b045b9
     /* Start the ber encoding with the DN */
b045b9
     rc = ber_printf(ber, "t{s{", LDAP_RES_SEARCH_ENTRY, slapi_entry_get_dn_const(e));
b045b9
     if (rc == -1) {
b045b9
diff --git a/ldap/servers/slapd/search.c b/ldap/servers/slapd/search.c
b045b9
index 5e3413245..731c6519e 100644
b045b9
--- a/ldap/servers/slapd/search.c
b045b9
+++ b/ldap/servers/slapd/search.c
b045b9
@@ -125,7 +125,10 @@ do_search(Slapi_PBlock *pb)
b045b9
         goto free_and_return;
b045b9
     }
b045b9
 
b045b9
-    slapi_pblock_get(pb, SLAPI_CONNECTION, &pb_conn);
b045b9
+    if (slapi_pblock_get(pb, SLAPI_CONNECTION, &pb_conn) != 0 || pb_conn == NULL) {
b045b9
+        slapi_log_err(SLAPI_LOG_ERR, "do_search", "pb_conn is NULL\n");
b045b9
+        goto free_and_return;
b045b9
+    }
b045b9
 
b045b9
     /*
b045b9
      * If nsslapd-minssf-exclude-rootdse is on, the minssf check has been
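Review bot: The new failure branch in do_search logs and jumps to `free_and_return` without calling `send_ldap_result()`, whereas the do_add, do_bind and do_compare hunks all send LDAP_OPERATIONS_ERROR first. Unless the label (outside the hunk) sends a result itself, the client gets no response to its search. The message `"pb_conn is NULL\n"` is also printed when `slapi_pblock_get()` returns non-zero, which is a different failure. Adding `send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, NULL, 0, NULL);` before the `goto` would align it with the other handlers, provided send_ldap_result copes with a missing connection.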
b045b9
diff --git a/ldap/servers/slapd/task.c b/ldap/servers/slapd/task.c
b045b9
index 53a0af52d..002083c04 100644
b045b9
--- a/ldap/servers/slapd/task.c
b045b9
+++ b/ldap/servers/slapd/task.c
b045b9
@@ -199,6 +199,11 @@ slapi_task_log_status(Slapi_Task *task, char *format, ...)
b045b9
 {
b045b9
     va_list ap;
b045b9
 
b045b9
+    if (task == NULL) {
b045b9
+        slapi_log_err(SLAPI_LOG_ERR, "slapi_task_log_status",
b045b9
+                      "Slapi_Task is NULL, can not log status\n");
b045b9
+        return;
b045b9
+    }
b045b9
     if (!task->task_status)
b045b9
         task->task_status = (char *)slapi_ch_malloc(10 * LOG_BUFFER);
b045b9
     if (!task->task_status)
b045b9
-- 
b045b9
2.13.6
b045b9