From a20c47410fb74716c0c8b2583fd4d0ae0145fd7d Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox@samba.org>
Date: Tue, 11 Dec 2012 18:05:31 +0100
Subject: s3:auth: fix dereference level in talloc checks in 
 create_token_from_sid()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Commit c5b150b33fc54ed97dbd0736cc6f4c15977d6e70 introduced these checks.
The current check "found_username == NULL" is wrong (we would segfault earlier
in this case). We need to check *found_username == NULL instead as
noted by Günter.

Reported-by: Günter Kukkukk <linux@kukkukk.com>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---
 source3/auth/token_util.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'source3/auth')

diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c
index 8a73a7198f..9b740b7bc9 100644
--- a/source3/auth/token_util.c
+++ b/source3/auth/token_util.c
@@ -610,7 +610,7 @@ static NTSTATUS create_token_from_sid(TALLOC_CTX *mem_ctx,
 		*found_username = talloc_strdup(mem_ctx,
 						pdb_get_username(sam_acct));
 
-		if (found_username == NULL) {
+		if (*found_username == NULL) {
 			result = NT_STATUS_NO_MEMORY;
 			goto done;
 		}
@@ -705,7 +705,7 @@ static NTSTATUS create_token_from_sid(TALLOC_CTX *mem_ctx,
 
 		/* Ensure we're returning the found_username on the right context. */
 		*found_username = talloc_strdup(mem_ctx, pass->pw_name);
-		if (found_username == NULL) {
+		if (*found_username == NULL) {
 			result = NT_STATUS_NO_MEMORY;
 			goto done;
 		}
-- 
cgit