From 9696bba1d7e8e71ca1d186b174dfa13ac418c5c9 Mon Sep 17 00:00:00 2001
From: Matthias Dieter Wallnöfer
Date: Mon, 24 May 2010 21:53:34 +0200
Subject: s4:dsdb_add_user - check the "cn"/"account_name" length (should be >= 1)

This needed by the "cn_name_len"-1 accesses. And use a "size_t"-typed variable for storing it (length specificators should always be stored using "size_t" variables).
---
 source4/dsdb/common/util_samr.c | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/source4/dsdb/common/util_samr.c b/source4/dsdb/common/util_samr.c
index 42f30e9ba7..ab84bbcf10 100644
--- a/source4/dsdb/common/util_samr.c
+++ b/source4/dsdb/common/util_samr.c
@@ -42,7 +42,7 @@ NTSTATUS dsdb_add_user(struct ldb_context *ldb,
 int ret;
 const char *container, *obj_class=NULL;
 char *cn_name;
- int cn_name_len;
+ size_t cn_name_len;
 
 const char *attrs[] = {
 "objectSid",
@@ -81,21 +81,26 @@ NTSTATUS dsdb_add_user(struct ldb_context *ldb,
 return NT_STATUS_USER_EXISTS;
 }
 
- msg = ldb_msg_new(tmp_ctx);
- if (msg == NULL) {
+ cn_name = talloc_strdup(tmp_ctx, account_name);
+ if (!cn_name) {
 ldb_transaction_cancel(ldb);
 talloc_free(tmp_ctx);
 return NT_STATUS_NO_MEMORY;
 }
 
- cn_name = talloc_strdup(tmp_ctx, account_name);
- if (!cn_name) {
+ cn_name_len = strlen(cn_name);
+ if (cn_name_len < 1) {
 ldb_transaction_cancel(ldb);
 talloc_free(tmp_ctx);
- return NT_STATUS_NO_MEMORY;
+ return NT_STATUS_INVALID_PARAMETER;
 }
 
- cn_name_len = strlen(cn_name);
+ msg = ldb_msg_new(tmp_ctx);
+ if (msg == NULL) {
+ ldb_transaction_cancel(ldb);
+ talloc_free(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
 
 /* This must be one of these values *only* */
 if (acct_flags == ACB_NORMAL) {
-- 
cgit
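Review bot: The empty-name check in the second hunk (`if (cn_name_len < 1)`) runs only after `talloc_strdup()` and, judging by the `ldb_transaction_cancel()` calls and the `NT_STATUS_USER_EXISTS` return just above it, after the transaction is already open and the existence lookup has presumably already used `account_name`. Validating the argument before the transaction starts, for example `if (account_name == NULL || account_name[0] == '\0') return NT_STATUS_INVALID_PARAMETER;` with whatever cleanup applies at that point, would reject bad input without a start/cancel cycle. It would also stop a NULL `account_name` from surfacing as `NT_STATUS_NO_MEMORY`, since `talloc_strdup()` returns NULL for a NULL source string. Wherever the check ends up, it deserves a comment tying it to the later index the commit message mentions, such as `/* cn_name[cn_name_len - 1] is accessed below; an empty name would index out of bounds */`. The start of `dsdb_add_user` and the `cn_name_len - 1` accesses lie outside both hunks, so the exact placement needs confirming against the full function.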