diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2007-07-23 01:46:39 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 15:01:16 -0500 |
| commit | b7f9e85db13c8a6959b7c391efdaa3c723d2772e (patch) | |
| tree | a92b7e8feab612745223f81bbd94c28b31b9f2ed /source4 | |
| parent | 62b56dc2db5285a55d1abc3a849db8fd96e0ac8f (diff) | |
| download | samba-b7f9e85db13c8a6959b7c391efdaa3c723d2772e.tar.gz samba-b7f9e85db13c8a6959b7c391efdaa3c723d2772e.tar.bz2 samba-b7f9e85db13c8a6959b7c391efdaa3c723d2772e.zip | |
r23993: Attempt to fix bug #4808, reported by mwallnoefer@yahoo.de. The issue
is that when we all ldb_msg_add_empty(), we might realloc() the
msg->elements array. We need to ensure the source pointer (when
copying an element from the same msg) is still valid, or the data
copied.
Andrew Bartlett
(This used to be commit 0fbea30577233d00e7c6cdd4faaece0f99fc57b1)
Diffstat (limited to 'source4')
| -rw-r--r-- | source4/lib/ldb/common/ldb_msg.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/source4/lib/ldb/common/ldb_msg.c b/source4/lib/ldb/common/ldb_msg.c index 69a2ab749b..e9c04df55a 100644 --- a/source4/lib/ldb/common/ldb_msg.c +++ b/source4/lib/ldb/common/ldb_msg.c @@ -162,11 +162,14 @@ int ldb_msg_add(struct ldb_message *msg, const struct ldb_message_element *el, int flags) { + /* We have to copy this, just in case *el is a pointer into + * what ldb_msg_add_empty() is about to realloc() */ + struct ldb_message_element el_copy = *el; if (ldb_msg_add_empty(msg, el->name, flags, NULL) != 0) { return LDB_ERR_OPERATIONS_ERROR; } - msg->elements[msg->num_elements-1] = *el; + msg->elements[msg->num_elements-1] = el_copy; msg->elements[msg->num_elements-1].flags = flags; return LDB_SUCCESS; |