summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVolker Lendecke <vl@samba.org>2008-06-17 15:17:22 +0200
committerVolker Lendecke <vl@samba.org>2008-06-17 15:22:13 +0200
commit6f66dbcda681a374ceacce45567de9249d87864a (patch)
treed9d20fbcd391a4fd9db9f5370258d6ddfb315392
parent7f9acfae7327ce96bf02064f9a0683de0f985521 (diff)
downloadsamba-6f66dbcda681a374ceacce45567de9249d87864a.tar.gz
samba-6f66dbcda681a374ceacce45567de9249d87864a.tar.bz2
samba-6f66dbcda681a374ceacce45567de9249d87864a.zip
Fix a segfault in wbcLookupRids
The done: part could access uninitialized memory if intermediate BAIL_ON_WBC_ERROR fire. Jerry, please check! Thanks, Volker (cherry picked from commit 31f4c33dcc744e81be54389756378e25aa2bb75e) (This used to be commit 5b12d8aa510689114e5413be5afe6aeb6ec2d9db)
-rw-r--r--source3/nsswitch/libwbclient/wbc_sid.c37
1 files changed, 21 insertions, 16 deletions
diff --git a/source3/nsswitch/libwbclient/wbc_sid.c b/source3/nsswitch/libwbclient/wbc_sid.c
index 93281a85fe..b0909263fc 100644
--- a/source3/nsswitch/libwbclient/wbc_sid.c
+++ b/source3/nsswitch/libwbclient/wbc_sid.c
@@ -309,8 +309,8 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
int num_rids,
uint32_t *rids,
const char **pp_domain_name,
- const char ***names,
- enum wbcSidType **types)
+ const char ***pnames,
+ enum wbcSidType **ptypes)
{
size_t i, len, ridbuf_size;
char *ridlist;
@@ -319,6 +319,8 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
struct winbindd_response response;
char *sid_string = NULL;
char *domain_name = NULL;
+ const char **names = NULL;
+ enum wbcSidType *types = NULL;
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
/* Initialise request */
@@ -370,11 +372,11 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
domain_name = talloc_strdup(NULL, response.data.domain_name);
BAIL_ON_PTR_ERROR(domain_name, wbc_status);
- *names = talloc_array(NULL, const char*, num_rids);
- BAIL_ON_PTR_ERROR((*names), wbc_status);
+ names = talloc_array(NULL, const char*, num_rids);
+ BAIL_ON_PTR_ERROR(names, wbc_status);
- *types = talloc_array(NULL, enum wbcSidType, num_rids);
- BAIL_ON_PTR_ERROR((*types), wbc_status);
+ types = talloc_array(NULL, enum wbcSidType, num_rids);
+ BAIL_ON_PTR_ERROR(types, wbc_status);
p = (char *)response.extra_data.data;
@@ -386,7 +388,7 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
BAIL_ON_WBC_ERROR(wbc_status);
}
- (*types)[i] = (enum wbcSidType)strtoul(p, &q, 10);
+ types[i] = (enum wbcSidType)strtoul(p, &q, 10);
if (*q != ' ') {
wbc_status = WBC_ERR_INVALID_RESPONSE;
@@ -402,8 +404,8 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
*q = '\0';
- (*names)[i] = talloc_strdup((*names), p);
- BAIL_ON_PTR_ERROR(((*names)[i]), wbc_status);
+ names[i] = talloc_strdup(names, p);
+ BAIL_ON_PTR_ERROR(names[i], wbc_status);
p = q+1;
}
@@ -420,15 +422,18 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
free(response.extra_data.data);
}
- if (!WBC_ERROR_IS_OK(wbc_status)) {
+ if (WBC_ERROR_IS_OK(wbc_status)) {
+ *pp_domain_name = domain_name;
+ *pnames = names;
+ *ptypes = types;
+ }
+ else {
if (domain_name)
talloc_free(domain_name);
- if (*names)
- talloc_free(*names);
- if (*types)
- talloc_free(*types);
- } else {
- *pp_domain_name = domain_name;
+ if (names)
+ talloc_free(names);
+ if (types)
+ talloc_free(types);
}
return wbc_status;