authorVolker Lendecke <vl@samba.org>2008-06-17 14:53:07 +0200
committerVolker Lendecke <vl@samba.org>2008-06-17 15:22:04 +0200
commit7f9acfae7327ce96bf02064f9a0683de0f985521 (patch)
tree13091adaed76163757c52ba6f8422cbcffd81806 /source3/nsswitch/libwbclient
parent08d63adc6197b5bbe7a64c4e8e1b547e5c478797 (diff)
Fix a segfault in wbcLookupSid
If the BAIL_ON_WBC_ERROR directly after wbcRequestResponse kicks in, *domain and *name have not been initialized yet. So the cleanup routine in the done: part of the routine (which did not check for domain!=NULL etc) would access uninitialized memory. Jerry, please check! Thanks, Volker (cherry picked from commit 3d7e0cc40b1992f4555807acec4f00450e30e2de) (This used to be commit ac5ba26bb0488c3fb95072d84898c02b72c5b819)
Diffstat (limited to 'source3/nsswitch/libwbclient')
-rw-r--r--source3/nsswitch/libwbclient/wbc_sid.c48
1 files changed, 29 insertions, 19 deletions
diff --git a/source3/nsswitch/libwbclient/wbc_sid.c b/source3/nsswitch/libwbclient/wbc_sid.c
index 500be2f342..93281a85fe 100644
--- a/source3/nsswitch/libwbclient/wbc_sid.c
+++ b/source3/nsswitch/libwbclient/wbc_sid.c
@@ -228,14 +228,17 @@ wbcErr wbcLookupName(const char *domain,
**/
wbcErr wbcLookupSid(const struct wbcDomainSid *sid,
- char **domain,
- char **name,
- enum wbcSidType *name_type)
+ char **pdomain,
+ char **pname,
+ enum wbcSidType *pname_type)
{
struct winbindd_request request;
struct winbindd_response response;
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
char *sid_string = NULL;
+ char *domain = NULL;
+ char *name = NULL;
+ enum wbcSidType name_type;
if (!sid) {
wbc_status = WBC_ERR_INVALID_PARAM;
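Review bot: `enum wbcSidType name_type;` is declared without an initial value, while the two pointers added beside it start as NULL. In the visible hunks it is only read in the success branch after being assigned, so this is not a bug today. Still, `enum wbcSidType name_type = WBC_SID_NAME_USE_NONE;` would keep the `done:` path safe if a later edit adds another early exit, and it avoids maybe-uninitialized warnings. The doc comment ending just above the signature lies outside this hunk; if it names the parameters, it should follow the rename to `pdomain`, `pname` and `pname_type`. The function body continues outside the hunk.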
@@ -264,28 +267,35 @@ wbcErr wbcLookupSid(const struct wbcDomainSid *sid,
/* Copy out result */
- if (domain != NULL) {
- *domain = talloc_strdup(NULL, response.data.name.dom_name);
- BAIL_ON_PTR_ERROR((*domain), wbc_status);
- }
+ domain = talloc_strdup(NULL, response.data.name.dom_name);
+ BAIL_ON_PTR_ERROR(domain, wbc_status);
- if (name != NULL) {
- *name = talloc_strdup(NULL, response.data.name.name);
- BAIL_ON_PTR_ERROR((*name), wbc_status);
- }
+ name = talloc_strdup(NULL, response.data.name.name);
+ BAIL_ON_PTR_ERROR(name, wbc_status);
- if (name_type) {
- *name_type = (enum wbcSidType)response.data.name.type;
- }
+ name_type = (enum wbcSidType)response.data.name.type;
wbc_status = WBC_ERR_SUCCESS;
done:
- if (!WBC_ERROR_IS_OK(wbc_status)) {
- if (*domain)
- talloc_free(*domain);
- if (*name)
- talloc_free(*name);
+ if (WBC_ERROR_IS_OK(wbc_status)) {
+ if (pdomain != NULL) {
+ *pdomain = domain;
+ }
+ if (pname != NULL) {
+ *pname = name;
+ }
+ if (pname_type != NULL) {
+ *pname_type = name_type;
+ }
+ }
+ else {
+ if (name != NULL) {
+ talloc_free(name);
+ }
+ if (domain != NULL) {
+ talloc_free(domain);
+ }
}
return wbc_status;
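Review bot: Both strings are now duplicated unconditionally, but the success branch under `done:` hands them over only when `pdomain` / `pname` are non-NULL. A caller that passes NULL for either one therefore leaks that copy, which was allocated on the NULL talloc context and has no other owner. Add `else { talloc_free(domain); }` to the `pdomain` check and `else { talloc_free(name); }` to the `pname` check. Separately, the failure branch leaves `*pdomain` and `*pname` untouched, so a caller that frees them without checking the return value would still operate on whatever garbage they held. Setting the outputs to NULL on failure, or stating in the function's doc comment that they are valid only on `WBC_ERR_SUCCESS`, would make that contract explicit.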