diff options
author | Jim McDonough <jmcd@samba.org> | 2006-03-13 01:42:40 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:15:23 -0500 |
commit | 025041eba44452849f2d25f667b4c1fb6888c485 (patch) | |
tree | 9370f4bb2de610e74a67b7bca2b20f4b357eccf5 /source3/libsmb | |
parent | e0793b1b28b64b0863a3b18d711585a65042cf2f (diff) | |
download | samba-025041eba44452849f2d25f667b4c1fb6888c485.tar.gz samba-025041eba44452849f2d25f667b4c1fb6888c485.tar.bz2 samba-025041eba44452849f2d25f667b4c1fb6888c485.zip |
r14279: Fix coverity #86, 87, 88, 89:
Free grp_sid and owner_sid before returning. Also, only allow one group
or owner.
(This used to be commit 1043e0d90ccb3493417f7bf05b70bdf5513bb1a3)
Diffstat (limited to 'source3/libsmb')
-rw-r--r-- | source3/libsmb/libsmbclient.c | 37 |
1 files changed, 27 insertions, 10 deletions
diff --git a/source3/libsmb/libsmbclient.c b/source3/libsmb/libsmbclient.c index 15355016d0..4c013c4ed2 100644 --- a/source3/libsmb/libsmbclient.c +++ b/source3/libsmb/libsmbclient.c @@ -3922,7 +3922,7 @@ sec_desc_parse(TALLOC_CTX *ctx, { const char *p = str; fstring tok; - SEC_DESC *ret; + SEC_DESC *ret = NULL; size_t sd_size; DOM_SID *grp_sid=NULL; DOM_SID *owner_sid=NULL; @@ -3937,49 +3937,65 @@ sec_desc_parse(TALLOC_CTX *ctx, } if (StrnCaseCmp(tok,"OWNER:", 6) == 0) { + if (owner_sid) { + DEBUG(5, ("OWNER specified more than once!\n")); + goto done; + } owner_sid = SMB_CALLOC_ARRAY(DOM_SID, 1); if (!owner_sid || !convert_string_to_sid(ipc_cli, pol, numeric, owner_sid, tok+6)) { DEBUG(5, ("Failed to parse owner sid\n")); - return NULL; + goto done; } continue; } if (StrnCaseCmp(tok,"OWNER+:", 7) == 0) { + if (owner_sid) { + DEBUG(5, ("OWNER specified more than once!\n")); + goto done; + } owner_sid = SMB_CALLOC_ARRAY(DOM_SID, 1); if (!owner_sid || !convert_string_to_sid(ipc_cli, pol, False, owner_sid, tok+7)) { DEBUG(5, ("Failed to parse owner sid\n")); - return NULL; + goto done; } continue; } if (StrnCaseCmp(tok,"GROUP:", 6) == 0) { + if (grp_sid) { + DEBUG(5, ("GROUP specified more than once!\n")); + goto done; + } grp_sid = SMB_CALLOC_ARRAY(DOM_SID, 1); if (!grp_sid || !convert_string_to_sid(ipc_cli, pol, numeric, grp_sid, tok+6)) { DEBUG(5, ("Failed to parse group sid\n")); - return NULL; + goto done; } continue; } if (StrnCaseCmp(tok,"GROUP+:", 7) == 0) { + if (grp_sid) { + DEBUG(5, ("GROUP specified more than once!\n")); + goto done; + } grp_sid = SMB_CALLOC_ARRAY(DOM_SID, 1); if (!grp_sid || !convert_string_to_sid(ipc_cli, pol, False, grp_sid, tok+6)) { DEBUG(5, ("Failed to parse group sid\n")); - return NULL; + goto done; } continue; } @@ -3988,11 +4004,11 @@ sec_desc_parse(TALLOC_CTX *ctx, SEC_ACE ace; if (!parse_ace(ipc_cli, pol, &ace, numeric, tok+4)) { DEBUG(5, ("Failed to parse ACL %s\n", tok)); - return NULL; + goto done; } if(!add_ace(&dacl, &ace, ctx)) { DEBUG(5, ("Failed to add ACL %s\n", tok)); - return NULL; + goto done; } continue; } @@ -4001,22 +4017,23 @@ sec_desc_parse(TALLOC_CTX *ctx, SEC_ACE ace; if (!parse_ace(ipc_cli, pol, &ace, False, tok+5)) { DEBUG(5, ("Failed to parse ACL %s\n", tok)); - return NULL; + goto done; } if(!add_ace(&dacl, &ace, ctx)) { DEBUG(5, ("Failed to add ACL %s\n", tok)); - return NULL; + goto done; } continue; } DEBUG(5, ("Failed to parse security descriptor\n")); - return NULL; + goto done; } ret = make_sec_desc(ctx, revision, SEC_DESC_SELF_RELATIVE, owner_sid, grp_sid, NULL, dacl, &sd_size); + done: SAFE_FREE(grp_sid); SAFE_FREE(owner_sid); |