summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTim Potter <tpot@samba.org>2001-06-26 06:11:40 +0000
committerTim Potter <tpot@samba.org>2001-06-26 06:11:40 +0000
commit742609a21d4354d12ffee275acccd854e29520bd (patch)
treec38af8c012cb3acdf02604362151d0e33a703ce6
parent629a59fe85910229ddac8f02c20ead424ba03ac7 (diff)
downloadsamba-742609a21d4354d12ffee275acccd854e29520bd.tar.gz
samba-742609a21d4354d12ffee275acccd854e29520bd.tar.bz2
samba-742609a21d4354d12ffee275acccd854e29520bd.zip
Fixed bug introduced by changeover of security descriptor code from
malloc() to talloc(). Previously, creating an ACL containing zero ACEs would return a non-NULL pointer to zero bytes of memory. The talloc() code would return a NULL pointer making the ACL a NULL ACL instead of an empty one. The difference is a NULL ACL allows all access and an empty ACL denies all access. We solve this by calling talloc(ctx, sizeof(SEC_ACE) * num_aces + 1). Heh. (This used to be commit 89eaaafe7d266788609fab6951fd912c441b3a26)
-rw-r--r--source3/rpc_parse/parse_sec.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c
index e5d3a6ce43..7cc4d054fa 100644
--- a/source3/rpc_parse/parse_sec.c
+++ b/source3/rpc_parse/parse_sec.c
@@ -135,7 +135,14 @@ SEC_ACL *make_sec_acl(TALLOC_CTX *ctx, uint16 revision, int num_aces, SEC_ACE *a
dst->num_aces = num_aces;
dst->size = 8;
- if((dst->ace = (SEC_ACE *)talloc(ctx, sizeof(SEC_ACE) * num_aces )) == NULL) {
+ /* Now we need to return a non-NULL address for the ace list even
+ if the number of aces required is zero. This is because there
+ is a distinct difference between a NULL ace and an ace with zero
+ entries in it. This is achieved by always making the number of
+ bytes allocated by talloc() positive. Heh. */
+
+ if((dst->ace = (SEC_ACE *)talloc(ctx, sizeof(SEC_ACE) * num_aces + 1))
+ == NULL) {
return NULL;
}