diff options
author | Jeremy Allison <jra@samba.org> | 2006-12-09 02:58:18 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:16:24 -0500 |
commit | 63609fbb04d2ce620338b4b79e7c1abf39f08ef8 (patch) | |
tree | c036fe84a97efbee490c470051cf1de360d502d3 /source3/nsswitch/winbindd_async.c | |
parent | 19ddef3dd9065b04896c626e7b4c691c7bbbec53 (diff) | |
download | samba-63609fbb04d2ce620338b4b79e7c1abf39f08ef8.tar.gz samba-63609fbb04d2ce620338b4b79e7c1abf39f08ef8.tar.bz2 samba-63609fbb04d2ce620338b4b79e7c1abf39f08ef8.zip |
r20090: Fix a class of bugs found by James Peach. Ensure
we never mix malloc and talloc'ed contexts in the
add_XX_to_array() and add_XX_to_array_unique()
calls. Ensure that these calls always return
False on out of memory, True otherwise and always
check them. Ensure that the relevent parts of
the conn struct and the nt_user_tokens are
TALLOC_DESTROYED not SAFE_FREE'd.
James - this should fix your crash bug in both
branches.
Jeremy.
(This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24)
Diffstat (limited to 'source3/nsswitch/winbindd_async.c')
-rw-r--r-- | source3/nsswitch/winbindd_async.c | 27 |
1 files changed, 20 insertions, 7 deletions
diff --git a/source3/nsswitch/winbindd_async.c b/source3/nsswitch/winbindd_async.c index 4021106516..607a9947ea 100644 --- a/source3/nsswitch/winbindd_async.c +++ b/source3/nsswitch/winbindd_async.c @@ -774,7 +774,9 @@ static BOOL parse_sidlist(TALLOC_CTX *mem_ctx, char *sidstr, DEBUG(0, ("Could not parse sid %s\n", p)); return False; } - add_sid_to_array(mem_ctx, &sid, sids, num_sids); + if (!add_sid_to_array(mem_ctx, &sid, sids, num_sids)) { + return False; + } p = q; } return True; @@ -985,7 +987,9 @@ enum winbindd_result winbindd_dual_getsidaliases(struct winbindd_domain *domain, DEBUGADD(10, (" rid %d\n", alias_rids[i])); sid_copy(&sid, &domain->sid); sid_append_rid(&sid, alias_rids[i]); - add_sid_to_array(state->mem_ctx, &sid, &sids, &num_sids); + if (!add_sid_to_array(state->mem_ctx, &sid, &sids, &num_sids)) { + return WINBINDD_ERROR; + } } @@ -1096,8 +1100,12 @@ static void gettoken_recvdomgroups(TALLOC_CTX *mem_ctx, BOOL success, state->sids = NULL; state->num_sids = 0; - add_sid_to_array(mem_ctx, &state->user_sid, &state->sids, - &state->num_sids); + if (!add_sid_to_array(mem_ctx, &state->user_sid, &state->sids, + &state->num_sids)) { + DEBUG(0, ("Out of memory\n")); + state->cont(state->private_data, False, NULL, 0); + return; + } if (sids_str && !parse_sidlist(mem_ctx, sids_str, &state->sids, &state->num_sids)) { @@ -1133,9 +1141,14 @@ static void gettoken_recvaliases(void *private_data, BOOL success, return; } - for (i=0; i<num_aliases; i++) - add_sid_to_array(state->mem_ctx, &aliases[i], - &state->sids, &state->num_sids); + for (i=0; i<num_aliases; i++) { + if (!add_sid_to_array(state->mem_ctx, &aliases[i], + &state->sids, &state->num_sids)) { + DEBUG(0, ("Out of memory\n")); + state->cont(state->private_data, False, NULL, 0); + return; + } + } if (state->local_alias_domain != NULL) { struct winbindd_domain *local_domain = state->local_alias_domain; |