From 4085e189a147841fed64ecbe072cde007cedad0d Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 10 Apr 2010 16:55:46 +0200 Subject: s3: Check 0 termination in GETALIASES --- source3/winbindd/winbindd_getsidaliases.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) (limited to 'source3/winbindd') diff --git a/source3/winbindd/winbindd_getsidaliases.c b/source3/winbindd/winbindd_getsidaliases.c index 6755fa149f..baa8fea11e 100644 --- a/source3/winbindd/winbindd_getsidaliases.c +++ b/source3/winbindd/winbindd_getsidaliases.c @@ -68,13 +68,19 @@ struct tevent_req *winbindd_getsidaliases_send(TALLOC_CTX *mem_ctx, num_sids = 0; sids = NULL; - if ((request->extra_data.data != NULL) - && !parse_sidlist(state, request->extra_data.data, - &sids, &num_sids)) { - DEBUG(1, ("Could not parse SID list: %s\n", - request->extra_data.data)); - tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER); - return tevent_req_post(req, ev); + if (request->extra_data.data != NULL) { + if (request->extra_data.data[request->extra_len-1] != '\0') { + DEBUG(1, ("Got non-NULL terminated sidlist\n")); + tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER); + return tevent_req_post(req, ev); + } + if (!parse_sidlist(state, request->extra_data.data, + &sids, &num_sids)) { + DEBUG(1, ("Could not parse SID list: %s\n", + request->extra_data.data)); + tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER); + return tevent_req_post(req, ev); + } } subreq = wb_lookupuseraliases_send(state, ev, domain, num_sids, sids); -- cgit