Don't segfault on invalid objectClass input.

If the objectClass found does not include a defaultSecurityDescriptor,
then we should not segfault in the SDDL parser.

Andrew Bartlett
(This used to be commit 5a92771fb55149fcf24f21f30e4c6a622bef44f8)

1 files changed, 13 insertions, 6 deletions

diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c
index e63ad4de56..537a56045d 100644
--- a/source4/dsdb/samdb/ldb_modules/objectclass.c
+++ b/source4/dsdb/samdb/ldb_modules/objectclass.c
@@ -257,12 +257,17 @@ static DATA_BLOB *get_sd(struct ldb_module *module, TALLOC_CTX *mem_ctx,
 	DATA_BLOB *linear_sd;
 	struct auth_session_info *session_info
 		= ldb_get_opaque(module->ldb, "sessionInfo");
-	struct security_descriptor *sd
-		= sddl_decode(mem_ctx, 
-			      objectclass->defaultSecurityDescriptor,
-			      samdb_domain_sid(module->ldb));
+	struct security_descriptor *sd;
 
-	if (!session_info || !session_info->security_token) {
+	if (!objectclass->defaultSecurityDescriptor) {
+		return NULL;
+	}
+	
+	sd = sddl_decode(mem_ctx, 
+			 objectclass->defaultSecurityDescriptor,
+			 samdb_domain_sid(module->ldb));
+
+	if (!sd || !session_info || !session_info->security_token) {
 		return NULL;
 	}
 	
@@ -538,7 +543,9 @@ static int objectclass_do_add(struct ldb_handle *h)
 				}
 				if (!ldb_msg_find_element(msg, "nTSecurityDescriptor")) {
 					DATA_BLOB *sd = get_sd(ac->module, mem_ctx, current->objectclass);
-					ldb_msg_add_steal_value(msg, "nTSecurityDescriptor", sd);
+					if (sd) {
+						ldb_msg_add_steal_value(msg, "nTSecurityDescriptor", sd);
+					}
 				}
 			}
 		}