diff options
author | Volker Lendecke <vl@samba.org> | 2008-06-17 15:17:22 +0200 |
---|---|---|
committer | Volker Lendecke <vl@samba.org> | 2008-06-17 15:22:13 +0200 |
commit | 6f66dbcda681a374ceacce45567de9249d87864a (patch) | |
tree | d9d20fbcd391a4fd9db9f5370258d6ddfb315392 /source3/nsswitch | |
parent | 7f9acfae7327ce96bf02064f9a0683de0f985521 (diff) | |
download | samba-6f66dbcda681a374ceacce45567de9249d87864a.tar.gz samba-6f66dbcda681a374ceacce45567de9249d87864a.tar.bz2 samba-6f66dbcda681a374ceacce45567de9249d87864a.zip |
Fix a segfault in wbcLookupRids
The done: part could access uninitialized memory if intermediate
BAIL_ON_WBC_ERROR fire.
Jerry, please check!
Thanks,
Volker
(cherry picked from commit 31f4c33dcc744e81be54389756378e25aa2bb75e)
(This used to be commit 5b12d8aa510689114e5413be5afe6aeb6ec2d9db)
Diffstat (limited to 'source3/nsswitch')
-rw-r--r-- | source3/nsswitch/libwbclient/wbc_sid.c | 37 |
1 files changed, 21 insertions, 16 deletions
diff --git a/source3/nsswitch/libwbclient/wbc_sid.c b/source3/nsswitch/libwbclient/wbc_sid.c index 93281a85fe..b0909263fc 100644 --- a/source3/nsswitch/libwbclient/wbc_sid.c +++ b/source3/nsswitch/libwbclient/wbc_sid.c @@ -309,8 +309,8 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, int num_rids, uint32_t *rids, const char **pp_domain_name, - const char ***names, - enum wbcSidType **types) + const char ***pnames, + enum wbcSidType **ptypes) { size_t i, len, ridbuf_size; char *ridlist; @@ -319,6 +319,8 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, struct winbindd_response response; char *sid_string = NULL; char *domain_name = NULL; + const char **names = NULL; + enum wbcSidType *types = NULL; wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; /* Initialise request */ @@ -370,11 +372,11 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, domain_name = talloc_strdup(NULL, response.data.domain_name); BAIL_ON_PTR_ERROR(domain_name, wbc_status); - *names = talloc_array(NULL, const char*, num_rids); - BAIL_ON_PTR_ERROR((*names), wbc_status); + names = talloc_array(NULL, const char*, num_rids); + BAIL_ON_PTR_ERROR(names, wbc_status); - *types = talloc_array(NULL, enum wbcSidType, num_rids); - BAIL_ON_PTR_ERROR((*types), wbc_status); + types = talloc_array(NULL, enum wbcSidType, num_rids); + BAIL_ON_PTR_ERROR(types, wbc_status); p = (char *)response.extra_data.data; @@ -386,7 +388,7 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, BAIL_ON_WBC_ERROR(wbc_status); } - (*types)[i] = (enum wbcSidType)strtoul(p, &q, 10); + types[i] = (enum wbcSidType)strtoul(p, &q, 10); if (*q != ' ') { wbc_status = WBC_ERR_INVALID_RESPONSE; @@ -402,8 +404,8 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, *q = '\0'; - (*names)[i] = talloc_strdup((*names), p); - BAIL_ON_PTR_ERROR(((*names)[i]), wbc_status); + names[i] = talloc_strdup(names, p); + BAIL_ON_PTR_ERROR(names[i], wbc_status); p = q+1; } @@ -420,15 +422,18 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, free(response.extra_data.data); } - if (!WBC_ERROR_IS_OK(wbc_status)) { + if (WBC_ERROR_IS_OK(wbc_status)) { + *pp_domain_name = domain_name; + *pnames = names; + *ptypes = types; + } + else { if (domain_name) talloc_free(domain_name); - if (*names) - talloc_free(*names); - if (*types) - talloc_free(*types); - } else { - *pp_domain_name = domain_name; + if (names) + talloc_free(names); + if (types) + talloc_free(types); } return wbc_status; |