From 3d7cdea66fddc9ea2061ed45fceb032c6bc54332 Mon Sep 17 00:00:00 2001
From: Becca Petrin
Date: Tue, 17 Dec 2019 16:33:59 -0800
Subject: [PATCH] Avoid potential panic in LDAP client (#8047)

* fix potential panic
* add comment
* vendor the ldap update
* use localhost in test
---
 sdk/helper/ldaputil/client.go | 7 ++++---
 sdk/helper/ldaputil/client_test.go | 20 +++++++++++++++++++
 .../vault/sdk/helper/ldaputil/client.go | 7 ++++---
 3 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/sdk/helper/ldaputil/client.go b/sdk/helper/ldaputil/client.go
index 548ada79f..34e954359 100644
--- a/sdk/helper/ldaputil/client.go
+++ b/sdk/helper/ldaputil/client.go
@@ -85,12 +85,13 @@ func (c *Client) DialLDAP(cfg *ConfigEntry) (Connection, error) {
 }
 retErr = multierror.Append(retErr, errwrap.Wrapf(fmt.Sprintf("error connecting to host %q: {{err}}", uut), err))
 }
-
+ if retErr != nil {
+ return nil, retErr
+ }
 if timeout := cfg.RequestTimeout; timeout > 0 {
 conn.SetTimeout(time.Duration(timeout) * time.Second)
 }
-
- return conn, retErr.ErrorOrNil()
+ return conn, nil
 }
 
 /*
diff --git a/sdk/helper/ldaputil/client_test.go b/sdk/helper/ldaputil/client_test.go
index fa06c2c40..cff985a1c 100644
--- a/sdk/helper/ldaputil/client_test.go
+++ b/sdk/helper/ldaputil/client_test.go
@@ -2,8 +2,28 @@ package ldaputil
 
 import (
 "testing"
+
+ "github.com/hashicorp/go-hclog"
 )
 
+// TestDialLDAP duplicates a potential panic that was
+// present in the previous version of TestDialLDAP,
+// then confirms its fix by passing.
+func TestDialLDAP(t *testing.T) {
+ ldapClient := Client{
+ Logger: hclog.NewNullLogger(),
+ LDAP: NewLDAP(),
+ }
+
+ ce := &ConfigEntry{
+ Url: "ldap://localhost:384654786",
+ RequestTimeout: 3,
+ }
+ if _, err := ldapClient.DialLDAP(ce); err == nil {
+ t.Fatal("expected error")
+ }
+}
+
 func TestLDAPEscape(t *testing.T) {
 testcases := map[string]string{
 "#test": "\\#test",
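Review bot: The `conn.SetTimeout` call after the new `if retErr != nil` guard still has no nil check of its own, so it is safe only as long as a nil `retErr` always means `conn` was assigned. The loop that would establish that invariant starts above this hunk in `DialLDAP` and cannot be confirmed from here. A comment on the guard, such as `// conn is nil when every URL failed; return before it is dereferenced`, would record why the early return exists. A defensive `if conn == nil { return nil, fmt.Errorf("no LDAP server could be reached") }` before the timeout block would keep a later change to the loop from bringing the panic back into the authentication path.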
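Review bot: The doc comment on `TestDialLDAP` says the panic was present in "the previous version of TestDialLDAP", which presumably should read `DialLDAP`. Nothing in the test explains that the port in `ldap://localhost:384654786` appears to be deliberately out of range so the dial fails without touching the network; a comment like `// port is out of range so Dial fails locally` would make that intent clear. The test also asserts only that an error is returned. Checking the connection too, `if conn, err := ldapClient.DialLDAP(ce); err == nil || conn != nil {`, would pin the contract that a failed dial never returns a connection value alongside the error.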
diff --git a/vendor/github.com/hashicorp/vault/sdk/helper/ldaputil/client.go b/vendor/github.com/hashicorp/vault/sdk/helper/ldaputil/client.go
index 548ada79f..34e954359 100644
--- a/vendor/github.com/hashicorp/vault/sdk/helper/ldaputil/client.go
+++ b/vendor/github.com/hashicorp/vault/sdk/helper/ldaputil/client.go
@@ -85,12 +85,13 @@ func (c *Client) DialLDAP(cfg *ConfigEntry) (Connection, error) {
 }
 retErr = multierror.Append(retErr, errwrap.Wrapf(fmt.Sprintf("error connecting to host %q: {{err}}", uut), err))
 }
-
+ if retErr != nil {
+ return nil, retErr
+ }
 if timeout := cfg.RequestTimeout; timeout > 0 {
 conn.SetTimeout(time.Duration(timeout) * time.Second)
 }
-
- return conn, retErr.ErrorOrNil()
+ return conn, nil
 }
 
 /*