From 5c1e6f0a9e8aaa5ad5d34062aa6d9f1afafea824 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 14 Mar 2006 08:27:44 +0000 Subject: r14367: Not that I fully understand what's going on here, but the code as it was here was clearly buggy as Coverity showed with bug id #36. According to samba4 idl the sec_desc_buf is [in,out,ref], so we _have_ to ship it in the request. Volker (This used to be commit 075e784491e6f2b491bd063db08ff1267f9cabbb) --- source3/libmsrpc/cac_winreg.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/source3/libmsrpc/cac_winreg.c b/source3/libmsrpc/cac_winreg.c index 8c9f06a59b..4f6ae40808 100644 --- a/source3/libmsrpc/cac_winreg.c +++ b/source3/libmsrpc/cac_winreg.c @@ -823,7 +823,7 @@ int cac_RegGetKeySecurity(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct RegG WERROR err; uint32 buf_size; - SEC_DESC_BUF *buf = NULL; + SEC_DESC_BUF buf; if(!hnd) return CAC_FAILURE; @@ -844,7 +844,7 @@ int cac_RegGetKeySecurity(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct RegG return CAC_FAILURE; } - err = rpccli_reg_get_key_sec(pipe_hnd, mem_ctx, op->in.key, op->in.info_type, &buf_size, buf); + err = rpccli_reg_get_key_sec(pipe_hnd, mem_ctx, op->in.key, op->in.info_type, &buf_size, &buf); hnd->status = werror_to_ntstatus(err); @@ -852,8 +852,12 @@ int cac_RegGetKeySecurity(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct RegG return CAC_FAILURE; } - op->out.size = buf->len; - op->out.descriptor = buf->sec; + op->out.size = buf.len; + op->out.descriptor = dup_sec_desc(mem_ctx, buf.sec); + + if (op->out.descriptor == NULL) { + return CAC_FAILURE; + } return CAC_SUCCESS; } -- cgit