diff options
author | Jeremy Allison <jra@samba.org> | 2006-12-09 02:58:18 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:16:24 -0500 |
commit | 63609fbb04d2ce620338b4b79e7c1abf39f08ef8 (patch) | |
tree | c036fe84a97efbee490c470051cf1de360d502d3 /source3/passdb/pdb_interface.c | |
parent | 19ddef3dd9065b04896c626e7b4c691c7bbbec53 (diff) | |
download | samba-63609fbb04d2ce620338b4b79e7c1abf39f08ef8.tar.gz samba-63609fbb04d2ce620338b4b79e7c1abf39f08ef8.tar.bz2 samba-63609fbb04d2ce620338b4b79e7c1abf39f08ef8.zip |
r20090: Fix a class of bugs found by James Peach. Ensure
we never mix malloc and talloc'ed contexts in the
add_XX_to_array() and add_XX_to_array_unique()
calls. Ensure that these calls always return
False on out of memory, True otherwise and always
check them. Ensure that the relevent parts of
the conn struct and the nt_user_tokens are
TALLOC_DESTROYED not SAFE_FREE'd.
James - this should fix your crash bug in both
branches.
Jeremy.
(This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24)
Diffstat (limited to 'source3/passdb/pdb_interface.c')
-rw-r--r-- | source3/passdb/pdb_interface.c | 30 |
1 files changed, 18 insertions, 12 deletions
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index 607a8b91d3..b84b0bfaff 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -1271,23 +1271,24 @@ static BOOL pdb_default_sid_to_id(struct pdb_methods *methods, return ret; } -static void add_uid_to_array_unique(TALLOC_CTX *mem_ctx, +static BOOL add_uid_to_array_unique(TALLOC_CTX *mem_ctx, uid_t uid, uid_t **pp_uids, size_t *p_num) { size_t i; for (i=0; i<*p_num; i++) { if ((*pp_uids)[i] == uid) - return; + return True; } *pp_uids = TALLOC_REALLOC_ARRAY(mem_ctx, *pp_uids, uid_t, *p_num+1); if (*pp_uids == NULL) - return; + return False; (*pp_uids)[*p_num] = uid; *p_num += 1; + return True; } static BOOL get_memberuids(TALLOC_CTX *mem_ctx, gid_t gid, uid_t **pp_uids, size_t *p_num) @@ -1296,6 +1297,7 @@ static BOOL get_memberuids(TALLOC_CTX *mem_ctx, gid_t gid, uid_t **pp_uids, size char **gr; struct passwd *pwd; BOOL winbind_env; + BOOL ret = False; *pp_uids = NULL; *p_num = 0; @@ -1306,19 +1308,17 @@ static BOOL get_memberuids(TALLOC_CTX *mem_ctx, gid_t gid, uid_t **pp_uids, size if ((grp = getgrgid(gid)) == NULL) { /* allow winbindd lookups, but only if they weren't already disabled */ - if (!winbind_env) { - winbind_on(); - } - - return False; + goto done; } /* Primary group members */ setpwent(); while ((pwd = getpwent()) != NULL) { if (pwd->pw_gid == gid) { - add_uid_to_array_unique(mem_ctx, pwd->pw_uid, - pp_uids, p_num); + if (!add_uid_to_array_unique(mem_ctx, pwd->pw_uid, + pp_uids, p_num)) { + goto done; + } } } endpwent(); @@ -1329,15 +1329,21 @@ static BOOL get_memberuids(TALLOC_CTX *mem_ctx, gid_t gid, uid_t **pp_uids, size if (pw == NULL) continue; - add_uid_to_array_unique(mem_ctx, pw->pw_uid, pp_uids, p_num); + if (!add_uid_to_array_unique(mem_ctx, pw->pw_uid, pp_uids, p_num)) { + goto done; + } } + ret = True; + + done: + /* allow winbindd lookups, but only if they weren't already disabled */ if (!winbind_env) { winbind_on(); } - return True; + return ret; } NTSTATUS pdb_default_enum_group_members(struct pdb_methods *methods, |