From 1d166fd3cff7ed8b6d3d17427fb18fa9f6405b48 Mon Sep 17 00:00:00 2001
From: Matthias Dieter Wallnöfer <mdw@samba.org>
Date: Mon, 5 Jul 2010 11:44:48 +0200
Subject: s4:winbind/wb_cmd_setpwent.c - fix a possible crash condition in the
 "winbind struct test"

Use a "talloc_strdup" for duplicating usernames.
---
 source4/winbind/wb_cmd_setpwent.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

(limited to 'source4/winbind')

diff --git a/source4/winbind/wb_cmd_setpwent.c b/source4/winbind/wb_cmd_setpwent.c
index 9384849075..8164d6f199 100644
--- a/source4/winbind/wb_cmd_setpwent.c
+++ b/source4/winbind/wb_cmd_setpwent.c
@@ -112,28 +112,30 @@ static void cmd_setpwent_recv_user_list(struct composite_context *ctx)
 	if (composite_nomem(user_list, state->ctx)) return;
 
 	state->ctx->status = libnet_UserList_recv(ctx, state->result,
-			user_list);
+						  user_list);
 	if (NT_STATUS_IS_OK(state->ctx->status) ||
 		NT_STATUS_EQUAL(state->ctx->status, STATUS_MORE_ENTRIES)) {
-		if( state->result->page_index == -1) { /* First run*/
+		if (state->result->page_index == -1) { /* First run*/
 			state->result->user_list = user_list;
 			state->result->page_index = 0;
 			state->result->libnet_ctx = state->libnet_ctx;
 		} else {
-			int i;
+			int i, cnt = state->result->user_list->out.count
+							+ user_list->out.count;
 			struct userlist *tmp;
 			tmp = state->result->user_list->out.users;
-			state->result->user_list->out.users = talloc_realloc(state->result,tmp,struct userlist,
-			state->result->user_list->out.count+user_list->out.count);
+			state->result->user_list->out.users = talloc_realloc(state->result,
+									     tmp, struct userlist,
+									     cnt);
 			tmp = state->result->user_list->out.users;
 			for(i=0;i<user_list->out.count;i++ ) {
-				tmp[i+state->result->user_list->out.count].username = talloc_steal(state->result,user_list->out.users[i].username);
+				tmp[state->result->user_list->out.count + i].username
+					= talloc_strdup(state->result, user_list->out.users[i].username);
 			}
-			state->result->user_list->out.count += user_list->out.count;
+			state->result->user_list->out.count = cnt;
 			talloc_free(user_list);
 		}
 
-
 		if (NT_STATUS_IS_OK(state->ctx->status) ) {
 			composite_done(state->ctx);
 		} else {
-- 
cgit