From 2e6deee0208aba89fb3ecc7ead62d867e4da20ea Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Sat, 9 Jun 2007 00:13:07 +0000
Subject: r23400: Fix lsa crash bug #4683. The "names" enum struct in a lookup_sidX reply isn't optional - like the lookup_sidX query it needs to be defined in the struct. All this will go away with PIDL (thank goodness....). Jerry - I think this is a showstopper to be merged for 3.0.25b. I'll be watching the build farm to see if anything broke. Jeremy. (This used to be commit 9300b92f7a51eb80fdc039d8dad23ea9ce82aa8f)
---
 source3/rpc_server/srv_lsa_nt.c | 35 ++++++++++-------------------------
 1 file changed, 10 insertions(+), 25 deletions(-)
(limited to 'source3/rpc_server/srv_lsa_nt.c')
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index bde1ef81da..f9b86d0c67 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -380,12 +380,10 @@ static void init_reply_lookup_names4(LSA_R_LOOKUP_NAMES4 *r_l,
 static void init_reply_lookup_sids2(LSA_R_LOOKUP_SIDS2 *r_l,
 DOM_R_REF *ref,
- LSA_TRANS_NAME_ENUM2 *names,
 uint32 mapped_count)
 {
 r_l->ptr_dom_ref = ref ? 1 : 0;
 r_l->dom_ref = ref;
- r_l->names = names;
 r_l->mapped_count = mapped_count;
 }
@@ -395,12 +393,10 @@ static void init_reply_lookup_sids2(LSA_R_LOOKUP_SIDS2 *r_l,
 static void init_reply_lookup_sids3(LSA_R_LOOKUP_SIDS3 *r_l,
 DOM_R_REF *ref,
- LSA_TRANS_NAME_ENUM2 *names,
 uint32 mapped_count)
 {
 r_l->ptr_dom_ref = ref ? 1 : 0;
 r_l->dom_ref = ref;
- r_l->names = names;
 r_l->mapped_count = mapped_count;
 }
@@ -414,11 +410,7 @@ static NTSTATUS init_reply_lookup_sids(TALLOC_CTX *mem_ctx,
 LSA_TRANS_NAME_ENUM2 *names,
 uint32 mapped_count)
 {
- LSA_TRANS_NAME_ENUM *oldnames = TALLOC_ZERO_P(mem_ctx, LSA_TRANS_NAME_ENUM);
-
- if (!oldnames) {
- return NT_STATUS_NO_MEMORY;
- }
+ LSA_TRANS_NAME_ENUM *oldnames = &r_l->names;
 oldnames->num_entries = names->num_entries;
 oldnames->ptr_trans_names = names->ptr_trans_names;
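Review bot: In the @@ -414 hunk `oldnames` now aliases the reply's embedded `r_l->names` instead of a fresh talloc'd object, which is exactly why the NT_STATUS_NO_MEMORY path disappears, but nothing at the declaration says so and the next reader may well reintroduce an allocation-failure check; a one-line comment such as `/* names is embedded in the reply, not a separate allocation */` on the new line would settle that. It also means the conversion writes into `r_l` before the rest of the body runs, so callers must treat the reply as partially filled if the function still fails later. The body of init_reply_lookup_sids continues past this hunk; if the remaining code no longer allocates from `mem_ctx`, that parameter is now unused and the NTSTATUS return has no failing path, which would make the caller's status check in _lsa_lookup_sids vacuous.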
@@ -442,7 +434,6 @@ static NTSTATUS init_reply_lookup_sids(TALLOC_CTX *mem_ctx,
 r_l->ptr_dom_ref = ref ? 1 : 0;
 r_l->dom_ref = ref;
- r_l->names = oldnames;
 r_l->mapped_count = mapped_count;
 return NT_STATUS_OK;
 }
@@ -810,13 +801,12 @@ static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p,
 int num_sids, /* input */
 const DOM_SID2 *sid, /* input */
 DOM_R_REF **pp_ref, /* output */
- LSA_TRANS_NAME_ENUM2 **pp_names, /* output */
+ LSA_TRANS_NAME_ENUM2 *names, /* input/output */
 uint32 *pp_mapped_count)
 {
 NTSTATUS status;
 int i;
 const DOM_SID **sids = NULL;
- LSA_TRANS_NAME_ENUM2 *names = NULL;
 DOM_R_REF *ref = NULL;
 uint32 mapped_count = 0;
 struct lsa_dom_info *dom_infos = NULL;
@@ -824,17 +814,16 @@ static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p,
 *pp_mapped_count = 0;
 *pp_ref = NULL;
- *pp_names = NULL;
+ ZERO_STRUCTP(names);
 if (num_sids == 0) {
 return NT_STATUS_OK;
 }
- names = TALLOC_ZERO_P(p->mem_ctx, LSA_TRANS_NAME_ENUM2);
 sids = TALLOC_ARRAY(p->mem_ctx, const DOM_SID *, num_sids);
 ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
- if (sids == NULL || names == NULL || ref == NULL) {
+ if (sids == NULL || ref == NULL) {
 return NT_STATUS_NO_MEMORY;
 }
@@ -907,7 +896,6 @@ static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p,
 *pp_mapped_count = mapped_count;
 *pp_ref = ref;
- *pp_names = names;
 return status;
 }
@@ -924,7 +912,7 @@ NTSTATUS _lsa_lookup_sids(pipes_struct *p,
 int num_sids = q_u->sids.num_entries;
 uint32 mapped_count = 0;
 DOM_R_REF *ref = NULL;
- LSA_TRANS_NAME_ENUM2 *names = NULL;
+ LSA_TRANS_NAME_ENUM2 names;
 NTSTATUS status;
 if ((q_u->level < 1) || (q_u->level > 6)) {
@@ -956,7 +944,7 @@ NTSTATUS _lsa_lookup_sids(pipes_struct *p,
 /* Convert from LSA_TRANS_NAME_ENUM2 to LSA_TRANS_NAME_ENUM */
- status = init_reply_lookup_sids(p->mem_ctx, r_u, ref, names, mapped_count);
+ status = init_reply_lookup_sids(p->mem_ctx, r_u, ref, &names, mapped_count);
 if (!NT_STATUS_IS_OK(status)) {
 return status;
 }
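Review bot: The new `/* input/output */` tag on the `names` parameter of _lsa_lookup_sids_internal (@@ -810) overstates what the function reads: the first thing done with it, in the @@ -824 hunk, is `ZERO_STRUCTP(names)`, so whatever the caller put in the struct is discarded and only its storage is used. `/* output: caller-supplied storage, zeroed on entry */` states the real contract and also tells the _lsa_lookup_sids2 caller why handing in `&r_u->names` directly is fine even on the early `num_sids == 0` return. As with `pp_ref`, `names` is dereferenced without a NULL check, so a non-NULL pointer is part of that contract and worth a word. The function body runs well past these hunks.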
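Review bot: `LSA_TRANS_NAME_ENUM2 names;` in _lsa_lookup_sids (@@ -924) is a stack object with no initializer, and the only zeroing visible in this commit is the `ZERO_STRUCTP(names)` inside _lsa_lookup_sids_internal; whether every path between this declaration and the `&names` argument at @@ -956 actually reaches that call is outside the hunk. Initializing at the declaration, `LSA_TRANS_NAME_ENUM2 names; ZERO_STRUCT(names);`, guarantees init_reply_lookup_sids copies a defined num_entries and ptr_trans_names into the reply however the lookup exits, which is cheap insurance against marshalling an uninitialized count to the client. The level check on the last context line returns before the struct is used, so that particular path is safe as written.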
@@ -975,7 +963,6 @@ NTSTATUS _lsa_lookup_sids2(pipes_struct *p,
 int num_sids = q_u->sids.num_entries;
 uint32 mapped_count = 0;
 DOM_R_REF *ref = NULL;
- LSA_TRANS_NAME_ENUM2 *names = NULL;
 if ((q_u->level < 1) || (q_u->level > 6)) {
 return NT_STATUS_INVALID_PARAMETER;
@@ -1001,10 +988,10 @@ NTSTATUS _lsa_lookup_sids2(pipes_struct *p,
 num_sids,
 q_u->sids.sid,
 &ref,
- &names,
+ &r_u->names,
 &mapped_count);
- init_reply_lookup_sids2(r_u, ref, names, mapped_count);
+ init_reply_lookup_sids2(r_u, ref, mapped_count);
 return r_u->status;
 }
@@ -1022,7 +1009,6 @@ NTSTATUS _lsa_lookup_sids3(pipes_struct *p,
 {
 uint32 mapped_count = 0;
 DOM_R_REF *ref;
- LSA_TRANS_NAME_ENUM2 *names;
 if ((q_u->level < 1) || (q_u->level > 6)) {
 return NT_STATUS_INVALID_PARAMETER;
@@ -1031,15 +1017,14 @@ NTSTATUS _lsa_lookup_sids3(pipes_struct *p,
 r_u->status = NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED;
 ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
- names = TALLOC_ZERO_P(p->mem_ctx, LSA_TRANS_NAME_ENUM2);
- if ((ref == NULL) || (names == NULL)) {
+ if (ref == NULL) {
 /* We would segfault later on in lsa_io_r_lookup_sids3 anyway,
 * so do a planned exit here. We NEEEED pidl! */
 smb_panic("talloc failed");
 }
- init_reply_lookup_sids3(r_u, ref, names, mapped_count);
+ init_reply_lookup_sids3(r_u, ref, mapped_count);
 return r_u->status;
 }
-- cgit
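Review bot: After the @@ -1031 hunk _lsa_lookup_sids3 never initializes `r_u->names`: the old code attached a TALLOC_ZERO_P'd enum, but init_reply_lookup_sids3 no longer touches names and nothing else in this function writes the embedded member before `return r_u->status`. Unless the dispatcher zeroes the whole reply before calling in, which is not visible here, lsa_io_r_lookup_sids3 will marshal whatever num_entries and ptr_trans_names happen to be in that memory, and the surviving comment about a planned panic shows that marshalling path is already known to be fragile. A `ZERO_STRUCT(r_u->names);` next to `r_u->status = NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED;` pins the reply to an empty name list. _lsa_lookup_sids2 does not have this gap because it passes `&r_u->names` into _lsa_lookup_sids_internal, which zeroes it on entry.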