author | Jeremy Allison <jra@samba.org> | 2006-12-09 02:58:18 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:16:24 -0500 |
commit | 63609fbb04d2ce620338b4b79e7c1abf39f08ef8 (patch) | |
tree | c036fe84a97efbee490c470051cf1de360d502d3 /source3/passdb | |
parent | 19ddef3dd9065b04896c626e7b4c691c7bbbec53 (diff) | |
r20090: Fix a class of bugs found by James Peach. Ensure
we never mix malloc and talloc'ed contexts in the
add_XX_to_array() and add_XX_to_array_unique()
calls. Ensure that these calls always return
False on out of memory, True otherwise and always
check them. Ensure that the relevant parts of
the conn struct and the nt_user_tokens are
TALLOC_DESTROYED not SAFE_FREE'd.
James - this should fix your crash bug in both
branches.
Jeremy.
(This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24)
Diffstat (limited to 'source3/passdb')
-rw-r--r-- | source3/passdb/pdb_interface.c | 30 | ||||
-rw-r--r-- | source3/passdb/pdb_ldap.c | 51 |
2 files changed, 56 insertions, 25 deletions
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index 607a8b91d3..b84b0bfaff 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -1271,23 +1271,24 @@ static BOOL pdb_default_sid_to_id(struct pdb_methods *methods, return ret; } -static void add_uid_to_array_unique(TALLOC_CTX *mem_ctx, +static BOOL add_uid_to_array_unique(TALLOC_CTX *mem_ctx, uid_t uid, uid_t **pp_uids, size_t *p_num) { size_t i; for (i=0; i<*p_num; i++) { if ((*pp_uids)[i] == uid) - return; + return True; } *pp_uids = TALLOC_REALLOC_ARRAY(mem_ctx, *pp_uids, uid_t, *p_num+1); if (*pp_uids == NULL) - return; + return False; (*pp_uids)[*p_num] = uid; *p_num += 1; + return True; } static BOOL get_memberuids(TALLOC_CTX *mem_ctx, gid_t gid, uid_t **pp_uids, size_t *p_num) @@ -1296,6 +1297,7 @@ static BOOL get_memberuids(TALLOC_CTX *mem_ctx, gid_t gid, uid_t **pp_uids, size char **gr; struct passwd *pwd; BOOL winbind_env; + BOOL ret = False; *pp_uids = NULL; *p_num = 0; @@ -1306,19 +1308,17 @@ static BOOL get_memberuids(TALLOC_CTX *mem_ctx, gid_t gid, uid_t **pp_uids, size if ((grp = getgrgid(gid)) == NULL) { /* allow winbindd lookups, but only if they weren't already disabled */ - if (!winbind_env) { - winbind_on(); - } - - return False; + goto done; } /* Primary group members */ setpwent(); while ((pwd = getpwent()) != NULL) { if (pwd->pw_gid == gid) { - add_uid_to_array_unique(mem_ctx, pwd->pw_uid, - pp_uids, p_num); + if (!add_uid_to_array_unique(mem_ctx, pwd->pw_uid, + pp_uids, p_num)) { + goto done; + } } } endpwent(); 
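Review bot: In add_uid_to_array_unique (first hunk of pdb_interface.c) the new `return False` path leaves the out-parameters inconsistent, because `*pp_uids` has just been overwritten with NULL while `*p_num` still holds the old count. A caller that reads the count after a failure would index a NULL array, so reset it on that path: `if (*pp_uids == NULL) { *p_num = 0; return False; }`. The previous block presumably stays attached to mem_ctx until that context is freed, so this looks like a state problem rather than a leak. A short comment above the function, `/* Returns False on out of memory, True otherwise (including when uid is already present). */`, would record the new contract.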
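Review bot: The `goto done` added inside the `getpwent()` loop of get_memberuids jumps past `endpwent()`, so on the out-of-memory path the passwd enumeration opened by `setpwent()` is never closed. The `done:` label added in the following hunk only restores winbind lookups. Close the enumeration before leaving the loop, `endpwent(); goto done;`. The function body starts before this hunk and continues after it.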
@@ -1329,15 +1329,21 @@ static BOOL get_memberuids(TALLOC_CTX *mem_ctx, gid_t gid, uid_t **pp_uids, size if (pw == NULL) continue; - add_uid_to_array_unique(mem_ctx, pw->pw_uid, pp_uids, p_num); + if (!add_uid_to_array_unique(mem_ctx, pw->pw_uid, pp_uids, p_num)) { + goto done; + } } + ret = True; + + done: + /* allow winbindd lookups, but only if they weren't already disabled */ if (!winbind_env) { winbind_on(); } - return True; + return ret; } NTSTATUS pdb_default_enum_group_members(struct pdb_methods *methods, diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index fbcb0e4616..8ea54ead30 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -2470,8 +2470,11 @@ static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods, sid_peek_rid(&sid, &rid); - add_rid_to_array_unique(mem_ctx, rid, pp_member_rids, - p_num_members); + if (!add_rid_to_array_unique(mem_ctx, rid, pp_member_rids, + p_num_members)) { + ret = NT_STATUS_NO_MEMORY; + goto done; + } } } @@ -2506,8 +2509,11 @@ static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods, goto done; } - add_rid_to_array_unique(mem_ctx, rid, pp_member_rids, - p_num_members); + if (!add_rid_to_array_unique(mem_ctx, rid, pp_member_rids, + p_num_members)) { + ret = NT_STATUS_NO_MEMORY; + goto done; + } } ret = NT_STATUS_OK; 
@@ -2618,11 +2624,17 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods, /* We need to add the primary group as the first gid/sid */ - add_gid_to_array_unique(mem_ctx, primary_gid, pp_gids, &num_gids); + if (!add_gid_to_array_unique(mem_ctx, primary_gid, pp_gids, &num_gids)) { + ret = NT_STATUS_NO_MEMORY; + goto done; + } /* This sid will be replaced later */ - add_sid_to_array_unique(mem_ctx, &global_sid_NULL, pp_sids, &num_sids); + if (!add_sid_to_array_unique(mem_ctx, &global_sid_NULL, pp_sids, &num_sids)) { + ret = NT_STATUS_NO_MEMORY; + goto done; + } for (entry = ldap_first_entry(conn->ldap_struct, result); entry != NULL; @@ -2654,10 +2666,16 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods, if (gid == primary_gid) { sid_copy(&(*pp_sids)[0], &sid); } else { - add_gid_to_array_unique(mem_ctx, gid, pp_gids, - &num_gids); - add_sid_to_array_unique(mem_ctx, &sid, pp_sids, - &num_sids); + if (!add_gid_to_array_unique(mem_ctx, gid, pp_gids, + &num_gids)) { + ret = NT_STATUS_NO_MEMORY; + goto done; + } + if (!add_sid_to_array_unique(mem_ctx, &sid, pp_sids, + &num_sids)) { + ret = NT_STATUS_NO_MEMORY; + goto done; + } } } @@ -3354,7 +3372,11 @@ static NTSTATUS ldapsam_enum_aliasmem(struct pdb_methods *methods, if (!string_to_sid(&member, values[i])) continue; - add_sid_to_array(NULL, &member, pp_members, &num_members); + if (!add_sid_to_array(NULL, &member, pp_members, &num_members)) { + ldap_value_free(values); + ldap_msgfree(result); + return NT_STATUS_NO_MEMORY; + } } *p_num_members = num_members; @@ -3442,8 +3464,11 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods, if (!sid_peek_check_rid(domain_sid, &sid, &rid)) continue; - add_rid_to_array_unique(mem_ctx, rid, pp_alias_rids, - p_num_alias_rids); + if (!add_rid_to_array_unique(mem_ctx, rid, pp_alias_rids, + p_num_alias_rids)) { + ldap_msgfree(result); + return NT_STATUS_NO_MEMORY; + } } ldap_msgfree(result); |
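Review bot: In ldapsam_enum_aliasmem the new early return hands back NT_STATUS_NO_MEMORY without setting `*p_num_members`, and whatever `add_sid_to_array` left in `*pp_members` stays with the caller. The array is allocated on the NULL context here, so no parent context will release entries added before the failure. What the helper does to `*pp_members` when it fails is not visible in this diff, so confirm that it either frees the array or leaves it valid for the caller to free. A comment at the call such as `/* NULL ctx: caller owns *pp_members and must free it, also on error */` would make the ownership explicit. The function starts and ends outside the hunk.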