From bb9ca5025cd9ae065ea1ed47646c51223de3975b Mon Sep 17 00:00:00 2001
From: Günther Deschner
Date: Wed, 20 Dec 2006 14:23:41 +0000
Subject: r20279: Fix winbind segfault in winbindd_getsidaliases. Jeremy: sidstr formerly could be NULL (when num_aliases was 0), since we strdup here it needs to exist. Guenther (This used to be commit 29396a1bd8ebd6d951f35941b13c9c61593ae6d3)
---
 source3/nsswitch/winbindd_async.c | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)
(limited to 'source3')
diff --git a/source3/nsswitch/winbindd_async.c b/source3/nsswitch/winbindd_async.c
index 3319fda406..721979e2bc 100644
--- a/source3/nsswitch/winbindd_async.c
+++ b/source3/nsswitch/winbindd_async.c
@@ -1084,7 +1084,7 @@ enum winbindd_result winbindd_dual_getsidaliases(struct winbindd_domain *domain,
 {
 DOM_SID *sids = NULL;
 size_t num_sids = 0;
- char *sidstr;
+ char *sidstr = NULL;
 ssize_t len;
 size_t i;
 uint32 num_aliases;
@@ -1094,8 +1094,13 @@ enum winbindd_result winbindd_dual_getsidaliases(struct winbindd_domain *domain,
 DEBUG(3, ("[%5lu]: getsidaliases\n", (unsigned long)state->pid));
 sidstr = state->request.extra_data.data;
- if (sidstr == NULL)
+ if (sidstr == NULL) {
 sidstr = talloc_strdup(state->mem_ctx, "\n"); /* No SID */
+ if (!sidstr) {
+ DEBUG(0, ("Out of memory\n"));
+ return WINBINDD_ERROR;
+ }
+ }
 DEBUG(10, ("Sidlist: %s\n", sidstr));
@@ -1121,6 +1126,7 @@ enum winbindd_result winbindd_dual_getsidaliases(struct winbindd_domain *domain,
 num_sids = 0;
 sids = NULL;
+ sidstr = NULL;
 DEBUG(10, ("Got %d aliases\n", num_aliases));
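Review bot: The two new `DEBUG(0, ("Out of memory\n"));` messages, the one after `talloc_strdup` in the -1094 hunk and the one after `SMB_STRDUP` in the -1141 hunk, are identical and name neither the function nor the allocation, so a level-0 log line cannot be traced back to the failing path. I would make them distinguishable, e.g. `DEBUG(0, ("winbindd_dual_getsidaliases: talloc_strdup failed\n"));` here and `DEBUG(0, ("winbindd_dual_getsidaliases: SMB_STRDUP failed\n"));` in the later hunk. The function body starts and ends outside both hunks.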
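Review bot: The added `sidstr = NULL;` in the -1121 hunk carries no comment, and its purpose only becomes clear from the last hunk, where `if (sidstr)` decides whether a response string is attached at all. I would put `/* forget the request list; sidstr is non-NULL below only if an alias list was produced */` above it, so the reset is not later removed as redundant and the request string is not echoed back by mistake. That the intervening code leaves sidstr untouched when there are no aliases is inferred from the commit message; the call that fills it is outside the hunk.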
@@ -1141,9 +1147,14 @@ enum winbindd_result winbindd_dual_getsidaliases(struct winbindd_domain *domain,
 return WINBINDD_ERROR;
 }
- state->response.extra_data.data = SMB_STRDUP(sidstr);
+ state->response.extra_data.data = NULL;
- if (state->response.extra_data.data != NULL) {
+ if (sidstr) {
+ state->response.extra_data.data = SMB_STRDUP(sidstr);
+ if (!state->response.extra_data.data) {
+ DEBUG(0, ("Out of memory\n"));
+ return WINBINDD_ERROR;
+ }
 DEBUG(10, ("aliases_list: %s\n", (char *)state->response.extra_data.data));
 state->response.length += len+1;
-- cgit
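Review bot: `state->response.length += len+1;` trusts a `len` that is declared without an initializer (`ssize_t len;` in the first hunk) and is set by code outside this hunk, while the buffer actually attached is whatever `SMB_STRDUP(sidstr)` copied, i.e. the bytes up to the first NUL. If the two ever disagree, the advertised response length no longer matches the allocation; presumably the code that sends the response sizes the extra-data write from response.length, though that is not visible here. Deriving the increment from the copy, `state->response.length += strlen(state->response.extra_data.data) + 1;`, or at least declaring `ssize_t len = 0;`, removes that dependency. The enclosing function continues past the end of the hunk.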