authorMichael Adam <obnox@samba.org>2008-02-18 17:38:19 +0100
committerMichael Adam <obnox@samba.org>2008-02-18 17:41:19 +0100
commit8ba088516aa34505849ef0a8639687bec22c5750 (patch)
tree803b9458bb4856e6463a46553ed1e2cac6c8e459
parent5cd707f82c238633df9f89ea45d71e2a92b48161 (diff)
Fix segfault in svcctl_get_secdesc(): prevent premature TALLOC_FREE.
This crash was triggered by (e.g.) net rpc service status. This patch prevents premature freeing of memory and creates a common exit point to the function. Michael (This used to be commit f1fb9fd6f14fc53629871cbe4b8558ad5acc14f0)
-rw-r--r--source3/services/services_db.c28
1 files changed, 14 insertions, 14 deletions
diff --git a/source3/services/services_db.c b/source3/services/services_db.c
index 89095c628d..ae83e72697 100644
--- a/source3/services/services_db.c
+++ b/source3/services/services_db.c
@@ -520,29 +520,21 @@ SEC_DESC *svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *
if ( !W_ERROR_IS_OK(wresult) ) {
DEBUG(0,("svcctl_get_secdesc: key lookup failed! [%s] (%s)\n",
path, dos_errstr(wresult)));
- SAFE_FREE(path);
- return NULL;
+ goto done;
}
- SAFE_FREE(path);
if ( !(values = TALLOC_ZERO_P( key, REGVAL_CTR )) ) {
DEBUG(0,("svcctl_get_secdesc: talloc() failed!\n"));
- TALLOC_FREE( key );
- return NULL;
+ goto done;
}
if (fetch_reg_values( key, values ) == -1) {
DEBUG(0, ("Error getting registry values\n"));
- TALLOC_FREE(key);
- return NULL;
+ goto done;
}
- TALLOC_FREE(key);
-
if ( !(val = regval_ctr_getvalue( values, "Security" )) ) {
- DEBUG(6,("svcctl_get_secdesc: constructing default secdesc for service [%s]\n",
- name));
- return construct_service_sd( ctx );
+ goto fallback_to_default_sd;
}
/* stream the service security descriptor */
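Review bot: The three new `goto done` exits in this hunk are only safe if `key` and `ret_sd` are initialised to NULL where they are declared, because `done:` runs `TALLOC_FREE(key)` and returns `ret_sd` without either being assigned on these paths. The declarations sit above the hunk and are not visible here, so this needs checking in the full function; if they lack initialisers, add `key = NULL` and `ret_sd = NULL` there. The key-lookup failure branch is the one to look at first, since it now reaches the free with whatever the failed lookup left in `key`. A short comment at the `values` allocation, such as `/* values is a talloc child of key: key must outlive val */`, would record why the frees moved to the end.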
@@ -550,10 +542,18 @@ SEC_DESC *svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *
status = unmarshall_sec_desc(ctx, regval_data_p(val),
regval_size(val), &ret_sd);
- if (!NT_STATUS_IS_OK(status)) {
- return construct_service_sd( ctx );
+ if (NT_STATUS_IS_OK(status)) {
+ goto done;
}
+fallback_to_default_sd:
+ DEBUG(6, ("svcctl_get_secdesc: constructing default secdesc for "
+ "service [%s]\n", name));
+ ret_sd = construct_service_sd(ctx);
+
+done:
+ SAFE_FREE(path);
+ TALLOC_FREE(key);
return ret_sd;
}
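Review bot: A failed `unmarshall_sec_desc()` now falls through to `fallback_to_default_sd:` and is logged only by the level-6 "constructing default secdesc" message, which is the same text used when no "Security" value exists at all. A stored descriptor that cannot be decoded is therefore replaced by the default one with nothing in the log to tell the two cases apart, and `status` is discarded. Logging the failure before the label would make this visible, for example `DEBUG(1, ("svcctl_get_secdesc: cannot decode stored secdesc for [%s]: %s\n", name, nt_errstr(status)));`. Whether the default descriptor grants more than the stored one would have cannot be seen from this hunk, so it is worth confirming that falling back rather than returning NULL is the intended policy. The function starts above the hunk.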