From fca69a9e2f19d7f54cee6ace17adf57372cea52e Mon Sep 17 00:00:00 2001
From: Günther Deschner
Date: Mon, 31 May 2010 21:26:30 +0200
Subject: s3-netlogon: Fix crash bug in _netr_NetrEnumerateTrustedDomains().

Guenther
---
 source3/rpc_server/srv_netlog_nt.c | 29 +++++++++++------------------
 1 file changed, 11 insertions(+), 18 deletions(-)
(limited to 'source3/rpc_server/srv_netlog_nt.c')
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 4bd176c1ea..cccd0d570a 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -412,12 +412,6 @@ NTSTATUS _netr_NetrEnumerateTrustedDomains(pipes_struct *p,
 return status;
 }
- trusted_domains = talloc_zero_array(p->mem_ctx, const char *, num_domains);
- if (!trusted_domains) {
- status = NT_STATUS_NO_MEMORY;
- goto out;
- }
-
 status = rpccli_lsa_open_policy2(cli, p->mem_ctx, true, LSA_POLICY_VIEW_LOCAL_INFORMATION,
@@ -426,10 +420,7 @@ NTSTATUS _netr_NetrEnumerateTrustedDomains(pipes_struct *p,
 goto out;
 }
- status = STATUS_MORE_ENTRIES;
-
- while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
-
+ do {
 /* Lookup list of trusted domains */
 status = rpccli_lsa_EnumTrustDom(cli, p->mem_ctx,
@@ -450,16 +441,18 @@ NTSTATUS _netr_NetrEnumerateTrustedDomains(pipes_struct *p,
 goto out;
 }
 }
- }
+ } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
- /* multi sz terminate */
- trusted_domains = talloc_realloc(p->mem_ctx, trusted_domains, const char *, num_domains + 1);
- if (trusted_domains == NULL) {
- status = NT_STATUS_NO_MEMORY;
- goto out;
- }
+ if (num_domains > 0) {
+ /* multi sz terminate */
+ trusted_domains = talloc_realloc(p->mem_ctx, trusted_domains, const char *, num_domains + 1);
+ if (trusted_domains == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
- trusted_domains[num_domains+1] = NULL;
+ trusted_domains[num_domains] = NULL;
+ }
 if (!push_reg_multi_sz(trusted_domains, &blob, trusted_domains)) {
 TALLOC_FREE(trusted_domains);
-- cgit
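Review bot: In the last hunk, when `num_domains` is 0 the new `if (num_domains > 0)` block is skipped, so `trusted_domains` reaches `push_reg_multi_sz()` as both talloc context and array with no assignment visible in this patch, now that the first hunk drops the up-front `talloc_zero_array()`. That is only safe if the declaration, which lies outside the hunks, initialises the pointer to NULL and `push_reg_multi_sz()` accepts a NULL array; otherwise an empty trust list would hand an invalid pointer to the marshalling code in this RPC handler. I would make the precondition explicit with `const char **trusted_domains = NULL;` at the declaration and a comment above the call such as `/* num_domains == 0: trusted_domains is still NULL here */`. The function body starts and ends outside the hunks, so the declaration and the loop's own reallocation should be checked against this.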