summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2013-06-13 14:13:26 +0200
committerStefan Metzmacher <metze@samba.org>2013-06-13 14:18:27 +0200
commit122214b16bb2d247c8040728a6b0964531596ea9 (patch)
treea165137bcb2ede5fc7edb5947f6d83985e4faa45
parent5959affa031843d741513000fb382efe54ff147b (diff)
downloadsamba-122214b16bb2d247c8040728a6b0964531596ea9.tar.gz
samba-122214b16bb2d247c8040728a6b0964531596ea9.tar.bz2
samba-122214b16bb2d247c8040728a6b0964531596ea9.zip
dsdb: don't allow a missing nTSecurityDescriptor in dsdb_get_sd_from_ldb_message()
Every object has a nTSecurityDescriptor attribute. This also avoids potential segfaults in the callers. Signed-off-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r--source4/dsdb/common/dsdb_access.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/source4/dsdb/common/dsdb_access.c b/source4/dsdb/common/dsdb_access.c
index 84005b3e5e..b918220a06 100644
--- a/source4/dsdb/common/dsdb_access.c
+++ b/source4/dsdb/common/dsdb_access.c
@@ -64,9 +64,9 @@ int dsdb_get_sd_from_ldb_message(struct ldb_context *ldb,
enum ndr_err_code ndr_err;
sd_element = ldb_msg_find_element(acl_res, "nTSecurityDescriptor");
- if (!sd_element) {
- *sd = NULL;
- return LDB_SUCCESS;
+ if (sd_element == NULL) {
+ return ldb_error(ldb, LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS,
+ "nTSecurityDescriptor is missing");
}
*sd = talloc(mem_ctx, struct security_descriptor);
if(!*sd) {