diff options
| author | Jeremy Allison <jra@samba.org> | 2006-12-09 02:58:18 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:16:24 -0500 |
| commit | 63609fbb04d2ce620338b4b79e7c1abf39f08ef8 (patch) | |
| tree | c036fe84a97efbee490c470051cf1de360d502d3 /source3/passdb/pdb_ldap.c | |
| parent | 19ddef3dd9065b04896c626e7b4c691c7bbbec53 (diff) | |
| download | samba-63609fbb04d2ce620338b4b79e7c1abf39f08ef8.tar.gz samba-63609fbb04d2ce620338b4b79e7c1abf39f08ef8.tar.bz2 samba-63609fbb04d2ce620338b4b79e7c1abf39f08ef8.zip | |
r20090: Fix a class of bugs found by James Peach. Ensure
we never mix malloc and talloc'ed contexts in the
add_XX_to_array() and add_XX_to_array_unique()
calls. Ensure that these calls always return
False on out of memory, True otherwise and always
check them. Ensure that the relevent parts of
the conn struct and the nt_user_tokens are
TALLOC_DESTROYED not SAFE_FREE'd.
James - this should fix your crash bug in both
branches.
Jeremy.
(This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24)
Diffstat (limited to 'source3/passdb/pdb_ldap.c')
| -rw-r--r-- | source3/passdb/pdb_ldap.c | 51 |
1 files changed, 38 insertions, 13 deletions
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index fbcb0e4616..8ea54ead30 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -2470,8 +2470,11 @@ static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods, sid_peek_rid(&sid, &rid); - add_rid_to_array_unique(mem_ctx, rid, pp_member_rids, - p_num_members); + if (!add_rid_to_array_unique(mem_ctx, rid, pp_member_rids, + p_num_members)) { + ret = NT_STATUS_NO_MEMORY; + goto done; + } } } @@ -2506,8 +2509,11 @@ static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods, goto done; } - add_rid_to_array_unique(mem_ctx, rid, pp_member_rids, - p_num_members); + if (!add_rid_to_array_unique(mem_ctx, rid, pp_member_rids, + p_num_members)) { + ret = NT_STATUS_NO_MEMORY; + goto done; + } } ret = NT_STATUS_OK; @@ -2618,11 +2624,17 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods, /* We need to add the primary group as the first gid/sid */ - add_gid_to_array_unique(mem_ctx, primary_gid, pp_gids, &num_gids); + if (!add_gid_to_array_unique(mem_ctx, primary_gid, pp_gids, &num_gids)) { + ret = NT_STATUS_NO_MEMORY; + goto done; + } /* This sid will be replaced later */ - add_sid_to_array_unique(mem_ctx, &global_sid_NULL, pp_sids, &num_sids); + if (!add_sid_to_array_unique(mem_ctx, &global_sid_NULL, pp_sids, &num_sids)) { + ret = NT_STATUS_NO_MEMORY; + goto done; + } for (entry = ldap_first_entry(conn->ldap_struct, result); entry != NULL; @@ -2654,10 +2666,16 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods, if (gid == primary_gid) { sid_copy(&(*pp_sids)[0], &sid); } else { - add_gid_to_array_unique(mem_ctx, gid, pp_gids, - &num_gids); - add_sid_to_array_unique(mem_ctx, &sid, pp_sids, - &num_sids); + if (!add_gid_to_array_unique(mem_ctx, gid, pp_gids, + &num_gids)) { + ret = NT_STATUS_NO_MEMORY; + goto done; + } + if (!add_sid_to_array_unique(mem_ctx, &sid, pp_sids, + &num_sids)) { + ret = NT_STATUS_NO_MEMORY; + goto done; + } } } @@ -3354,7 +3372,11 @@ static NTSTATUS ldapsam_enum_aliasmem(struct pdb_methods *methods, if (!string_to_sid(&member, values[i])) continue; - add_sid_to_array(NULL, &member, pp_members, &num_members); + if (!add_sid_to_array(NULL, &member, pp_members, &num_members)) { + ldap_value_free(values); + ldap_msgfree(result); + return NT_STATUS_NO_MEMORY; + } } *p_num_members = num_members; @@ -3442,8 +3464,11 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods, if (!sid_peek_check_rid(domain_sid, &sid, &rid)) continue; - add_rid_to_array_unique(mem_ctx, rid, pp_alias_rids, - p_num_alias_rids); + if (!add_rid_to_array_unique(mem_ctx, rid, pp_alias_rids, + p_num_alias_rids)) { + ldap_msgfree(result); + return NT_STATUS_NO_MEMORY; + } } ldap_msgfree(result); |