From 7f9acfae7327ce96bf02064f9a0683de0f985521 Mon Sep 17 00:00:00 2001
From: Volker Lendecke
Date: Tue, 17 Jun 2008 14:53:07 +0200
Subject: Fix a segfault in wbcLookupSid

If the BAIL_ON_WBC_ERROR directly after wbcRequestResponse kicks in, *domain and *name have not been initialized yet. So the cleanup routine in the done: part of the routine (which did not check for domain!=NULL etc) would access uninitialized memory.

Jerry, please check!

Thanks, Volker

(cherry picked from commit 3d7e0cc40b1992f4555807acec4f00450e30e2de)
(This used to be commit ac5ba26bb0488c3fb95072d84898c02b72c5b819)
---
 source3/nsswitch/libwbclient/wbc_sid.c | 48 ++++++++++++++++++++--------------
 1 file changed, 29 insertions(+), 19 deletions(-)

(limited to 'source3/nsswitch')

diff --git a/source3/nsswitch/libwbclient/wbc_sid.c b/source3/nsswitch/libwbclient/wbc_sid.c
index 500be2f342..93281a85fe 100644
--- a/source3/nsswitch/libwbclient/wbc_sid.c
+++ b/source3/nsswitch/libwbclient/wbc_sid.c
@@ -228,14 +228,17 @@ wbcErr wbcLookupName(const char *domain,
 **/
 wbcErr wbcLookupSid(const struct wbcDomainSid *sid,
- char **domain,
- char **name,
- enum wbcSidType *name_type)
+ char **pdomain,
+ char **pname,
+ enum wbcSidType *pname_type)
 {
 struct winbindd_request request;
 struct winbindd_response response;
 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 char *sid_string = NULL;
+ char *domain = NULL;
+ char *name = NULL;
+ enum wbcSidType name_type;
 if (!sid) {
 wbc_status = WBC_ERR_INVALID_PARAM;
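Review bot: The rename of wbcLookupSid's parameters to `pdomain`, `pname` and `pname_type` is not carried into the documentation block that closes with `**/` directly above the signature, nor into the public prototype in the library header; neither is visible here, but if either names the parameters it now describes identifiers that no longer exist, so they should be updated in the same change, e.g. `@param pdomain   Receives the talloc'd domain name, or NULL if the caller does not want it`. The new local `enum wbcSidType name_type;` is declared without an initial value; it is presumably only read once the lookup has succeeded, but a defined initial value is cheap insurance and avoids a maybe-uninitialized warning on that path. The function body continues past the end of this hunk.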
@@ -264,28 +267,35 @@ wbcErr wbcLookupSid(const struct wbcDomainSid *sid,
 /* Copy out result */
- if (domain != NULL) {
- *domain = talloc_strdup(NULL, response.data.name.dom_name);
- BAIL_ON_PTR_ERROR((*domain), wbc_status);
- }
+ domain = talloc_strdup(NULL, response.data.name.dom_name);
+ BAIL_ON_PTR_ERROR(domain, wbc_status);
- if (name != NULL) {
- *name = talloc_strdup(NULL, response.data.name.name);
- BAIL_ON_PTR_ERROR((*name), wbc_status);
- }
+ name = talloc_strdup(NULL, response.data.name.name);
+ BAIL_ON_PTR_ERROR(name, wbc_status);
- if (name_type) {
- *name_type = (enum wbcSidType)response.data.name.type;
- }
+ name_type = (enum wbcSidType)response.data.name.type;
 wbc_status = WBC_ERR_SUCCESS;
 done:
- if (!WBC_ERROR_IS_OK(wbc_status)) {
- if (*domain)
- talloc_free(*domain);
- if (*name)
- talloc_free(*name);
+ if (WBC_ERROR_IS_OK(wbc_status)) {
+ if (pdomain != NULL) {
+ *pdomain = domain;
+ }
+ if (pname != NULL) {
+ *pname = name;
+ }
+ if (pname_type != NULL) {
+ *pname_type = name_type;
+ }
+ }
+ else {
+ if (name != NULL) {
+ talloc_free(name);
+ }
+ if (domain != NULL) {
+ talloc_free(domain);
+ }
 }
 return wbc_status;
-- 
cgit
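Review bot: The success branch after `done:` leaks whichever string the caller did not ask for: `domain` and `name` are now always talloc_strdup'd, but when `pdomain` or `pname` is NULL the copy is neither handed out nor freed, whereas the removed code only allocated on request. Each `if (pdomain != NULL)` / `if (pname != NULL)` needs an `else` that talloc_free()s the unwanted copy; talloc_free() tolerates a NULL argument, so the `!= NULL` guards in the failure branch are also redundant. As a matter of style, splitting `}` and `else {` across two lines departs from the usual `} else {` form. The enclosing function starts before this hunk.
```c
done:
	if (WBC_ERROR_IS_OK(wbc_status)) {
		/* Hand out only what the caller asked for; drop the rest. */
		if (pdomain != NULL) {
			*pdomain = domain;
		} else {
			talloc_free(domain);
		}
		if (pname != NULL) {
			*pname = name;
		} else {
			talloc_free(name);
		}
		if (pname_type != NULL) {
			*pname_type = name_type;
		}
	} else {
		/* … unchanged: free name and domain on failure … */
	}
```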