>From 1558308474a9eb66eb733d57a600f2f1ab216ff4 Mon Sep 17 00:00:00 2001
From: Matthieu Patou <mat@matws.net>
Date: Wed, 22 May 2013 08:39:25 -0700
Subject: [PATCH 1/2] dsdb: Fix talloc issues in dsdb_schema_copy_shallow

The problem was that we did not clear these structure members before
we regenerated these values in schema_fill_constructed().  The
talloc_realloc() in the schema_fill_possible_inferiors() and
schema_fill_system_possible_inferiors() calls would then use the old
talloc parent (cls, a child of schema) not cls_copy (a child of
schema_copy).

Pair-Programmed-With: Andrew Bartlett <abartlett@samba.org>
Reviewed-By: Andrew Bartlett <abartlett@samba.org>
---
 source4/dsdb/schema/schema_init.c |   12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c
index efbd38a..37c3165 100644
--- a/source4/dsdb/schema/schema_init.c
+++ b/source4/dsdb/schema/schema_init.c
@@ -80,6 +80,18 @@ struct dsdb_schema *dsdb_schema_copy_shallow(TALLOC_CTX *mem_ctx,
 		if (!class_copy) {
 			goto failed;
 		}
+
+		/*
+		 * We have to wipe these attributes that we will
+		 * re-generate below, or else we will talloc_realloc()
+		 * based on these pointers, which still have the old
+		 * talloc parent
+		 */
+
+		ZERO_STRUCT(class_copy->tmp);
+		class_copy->possibleInferiors = NULL;
+		class_copy->systemPossibleInferiors = NULL;
+
 		DLIST_ADD(schema_copy->classes, class_copy);
 	}
 	schema_copy->num_classes = schema->num_classes;
-- 
1.7.9.5