Bug 630096 - (cov#15446) check return value of ber_scanf()

We were not checking the return value of ber_scanf in the DNA
plug-in when parsing the range transfer response.  This checks
the return value and sets the return code to LDAP_PROTOCOL_ERROR
if we were unable to parse the range transfer response.

ldap/servers/plugins/dna/dna.c

@@ -1604,7 +1604,10 @@ static int dna_request_range(struct configEntry *config_entry,
     /* Parse response */
     if (responsedata) {
         respber = ber_init(responsedata);
-        ber_scanf(respber, "{aa}", &lower_str, &upper_str);
+        if (ber_scanf(respber, "{aa}", &lower_str, &upper_str) == LBER_ERROR) {
+            ret = LDAP_PROTOCOL_ERROR;
+            goto bail;
+        }
     }
 
     /* Fill in upper and lower */