From 63609fbb04d2ce620338b4b79e7c1abf39f08ef8 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 9 Dec 2006 02:58:18 +0000 Subject: r20090: Fix a class of bugs found by James Peach. Ensure we never mix malloc and talloc'ed contexts in the add_XX_to_array() and add_XX_to_array_unique() calls. Ensure that these calls always return False on out of memory, True otherwise and always check them. Ensure that the relevent parts of the conn struct and the nt_user_tokens are TALLOC_DESTROYED not SAFE_FREE'd. James - this should fix your crash bug in both branches. Jeremy. (This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24) --- source3/groupdb/mapping.c | 2 +- source3/groupdb/mapping_ldb.c | 6 ++---- source3/groupdb/mapping_tdb.c | 10 ++++++---- 3 files changed, 9 insertions(+), 9 deletions(-) (limited to 'source3/groupdb') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index ba1a7d1dee..54cffd1588 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -591,7 +591,7 @@ NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods, *p_num_alias_rids += 1; } - SAFE_FREE(alias_sids); + TALLOC_FREE(alias_sids); return NT_STATUS_OK; } diff --git a/source3/groupdb/mapping_ldb.c b/source3/groupdb/mapping_ldb.c index 29d5b49edf..a743c2456e 100644 --- a/source3/groupdb/mapping_ldb.c +++ b/source3/groupdb/mapping_ldb.c @@ -423,8 +423,7 @@ failed: goto failed; } string_to_sid(&alias, (char *)el->values[0].data); - add_sid_to_array_unique(NULL, &alias, sids, num); - if (sids == NULL) { + if (!add_sid_to_array_unique(NULL, &alias, sids, num)) { status = NT_STATUS_NO_MEMORY; goto failed; } @@ -558,8 +557,7 @@ static NTSTATUS modify_aliasmem(const DOM_SID *alias, const DOM_SID *member, for (i=0;inum_values;i++) { DOM_SID sid; string_to_sid(&sid, (const char *)el->values[i].data); - add_sid_to_array_unique(NULL, &sid, sids, num); - if (sids == NULL) { + if (!add_sid_to_array_unique(NULL, &sid, sids, num)) { talloc_free(dn); return NT_STATUS_NO_MEMORY; } diff --git a/source3/groupdb/mapping_tdb.c b/source3/groupdb/mapping_tdb.c index 12b7c682fb..cff557ff13 100644 --- a/source3/groupdb/mapping_tdb.c +++ b/source3/groupdb/mapping_tdb.c @@ -429,10 +429,9 @@ BOOL enum_group_mapping(const DOM_SID *domsid, enum lsa_SidType sid_name_use, GR if (!string_to_sid(&alias, string_sid)) continue; - add_sid_to_array_unique(NULL, &alias, sids, num); - - if (sids == NULL) + if (!add_sid_to_array_unique(NULL, &alias, sids, num)) { return NT_STATUS_NO_MEMORY; + } } SAFE_FREE(dbuf.dptr); @@ -577,7 +576,10 @@ static int collect_aliasmem(TDB_CONTEXT *tdb_ctx, TDB_DATA key, TDB_DATA data, if (!string_to_sid(&member, member_string)) continue; - add_sid_to_array(NULL, &member, closure->sids, closure->num); + if (!add_sid_to_array(NULL, &member, closure->sids, closure->num)) { + /* talloc fail. */ + break; + } } return 0; -- cgit