author | Volker Lendecke <vl@samba.org> | 2008-06-17 14:53:07 +0200 |
---|---|---|
committer | Volker Lendecke <vl@samba.org> | 2008-06-17 15:22:04 +0200 |
commit | 7f9acfae7327ce96bf02064f9a0683de0f985521 (patch) | |
tree | 13091adaed76163757c52ba6f8422cbcffd81806 /source3/nsswitch/libwbclient | |
parent | 08d63adc6197b5bbe7a64c4e8e1b547e5c478797 (diff) | |
Fix a segfault in wbcLookupSid
If the BAIL_ON_WBC_ERROR directly after wbcRequestResponse kicks in, *domain
and *name have not been initialized yet. So the cleanup routine in the done:
part of the routine (which did not check for domain!=NULL etc) would access
uninitialized memory.
Jerry, please check!
Thanks,
Volker
(cherry picked from commit 3d7e0cc40b1992f4555807acec4f00450e30e2de)
(This used to be commit ac5ba26bb0488c3fb95072d84898c02b72c5b819)
Diffstat (limited to 'source3/nsswitch/libwbclient')
-rw-r--r-- | source3/nsswitch/libwbclient/wbc_sid.c | 48 |
1 files changed, 29 insertions, 19 deletions
diff --git a/source3/nsswitch/libwbclient/wbc_sid.c b/source3/nsswitch/libwbclient/wbc_sid.c
index 500be2f342..93281a85fe 100644
--- a/source3/nsswitch/libwbclient/wbc_sid.c
+++ b/source3/nsswitch/libwbclient/wbc_sid.c
@@ -228,14 +228,17 @@ wbcErr wbcLookupName(const char *domain,
 **/
 wbcErr wbcLookupSid(const struct wbcDomainSid *sid,
- char **domain,
- char **name,
- enum wbcSidType *name_type)
+ char **pdomain,
+ char **pname,
+ enum wbcSidType *pname_type)
 {
 struct winbindd_request request;
 struct winbindd_response response;
 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 char *sid_string = NULL;
+ char *domain = NULL;
+ char *name = NULL;
+ enum wbcSidType name_type;
 if (!sid) {
 wbc_status = WBC_ERR_INVALID_PARAM;
@@ -264,28 +267,35 @@ wbcErr wbcLookupSid(const struct wbcDomainSid *sid,
 /* Copy out result */
- if (domain != NULL) {
- *domain = talloc_strdup(NULL, response.data.name.dom_name);
- BAIL_ON_PTR_ERROR((*domain), wbc_status);
- }
+ domain = talloc_strdup(NULL, response.data.name.dom_name);
+ BAIL_ON_PTR_ERROR(domain, wbc_status);
- if (name != NULL) {
- *name = talloc_strdup(NULL, response.data.name.name);
- BAIL_ON_PTR_ERROR((*name), wbc_status);
- }
+ name = talloc_strdup(NULL, response.data.name.name);
+ BAIL_ON_PTR_ERROR(name, wbc_status);
- if (name_type) {
- *name_type = (enum wbcSidType)response.data.name.type;
- }
+ name_type = (enum wbcSidType)response.data.name.type;
 wbc_status = WBC_ERR_SUCCESS;
 done:
- if (!WBC_ERROR_IS_OK(wbc_status)) {
- if (*domain)
- talloc_free(*domain);
- if (*name)
- talloc_free(*name);
+ if (WBC_ERROR_IS_OK(wbc_status)) {
+ if (pdomain != NULL) {
+ *pdomain = domain;
+ }
+ if (pname != NULL) {
+ *pname = name;
+ }
+ if (pname_type != NULL) {
+ *pname_type = name_type;
+ }
+ }
+ else {
+ if (name != NULL) {
+ talloc_free(name);
+ }
+ if (domain != NULL) {
+ talloc_free(domain);
+ }
 }
 return wbc_status; |
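Review bot: `enum wbcSidType name_type;` in the new declarations has no initializer, while `domain` and `name` beside it are set to NULL. It is read only under `WBC_ERROR_IS_OK(wbc_status)` in the second hunk, after the assignment from the response, so nothing reads it uninitialized today; a short comment such as `/* only valid once wbc_status is WBC_ERR_SUCCESS */` would keep a later edit to `done:` from copying it out early. The doc comment that closes with `**/` starts outside the hunk; if it lists the parameters by name, it should follow the rename to `pdomain`/`pname`/`pname_type`. The function body continues outside the hunk.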
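Review bot: The success branch under `done:` leaks when a caller passes NULL for `pdomain` or `pname`: `domain` and `name` are now always allocated with `talloc_strdup(NULL, ...)`, but they are handed over only when the out-pointer is non-NULL and nothing frees them otherwise. Each hand-over needs a matching release, e.g. `} else { talloc_free(domain); }` after `*pdomain = domain;`, and likewise for `name`. Separately, the failure branch leaves `*pdomain` and `*pname` untouched, so a caller that did not pre-initialise them and frees them after an error would still read uninitialized pointers; adding `if (pdomain != NULL) { *pdomain = NULL; }` (and the same for `pname`) to the `else` branch closes that on the caller side. The function starts outside this hunk.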