svn commit: samba r17875 - in branches: SAMBA_3_0/source/auth SAMBA_3_0_23/source/auth

[jra at samba.org]

Author: jra
Date: 2006-08-28 05:22:10 +0000 (Mon, 28 Aug 2006)
New Revision: 17875

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17875

Log:
Fix (rather theoretical, but still...) null deref found by
Stanford checker.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/auth/auth_util.c
   branches/SAMBA_3_0_23/source/auth/auth_util.c


Changeset:
Modified: branches/SAMBA_3_0/source/auth/auth_util.c
===================================================================
--- branches/SAMBA_3_0/source/auth/auth_util.c	2006-08-28 05:10:56 UTC (rev 17874)
+++ branches/SAMBA_3_0/source/auth/auth_util.c	2006-08-28 05:22:10 UTC (rev 17875)
@@ -1988,16 +1988,19 @@
 		return NULL;
 	}
 
-	token->user_sids = (DOM_SID *)talloc_memdup(
-		token, ptoken->user_sids, sizeof(DOM_SID) * ptoken->num_sids );
+	ZERO_STRUCTP(token);
 
-	if ((ptoken->user_sids != NULL) && (token->user_sids == NULL)) {
-		DEBUG(0, ("talloc_memdup failed\n"));
-		TALLOC_FREE(token);
-		return NULL;
+	if (ptoken->user_sids && ptoken->num_sids) {
+		token->user_sids = (DOM_SID *)talloc_memdup(
+			token, ptoken->user_sids, sizeof(DOM_SID) * ptoken->num_sids );
+
+		if (token->user_sids == NULL) {
+			DEBUG(0, ("talloc_memdup failed\n"));
+			TALLOC_FREE(token);
+			return NULL;
+		}
+		token->num_sids = ptoken->num_sids;
 	}
-
-	token->num_sids = ptoken->num_sids;
 	
 	/* copy the privileges; don't consider failure to be critical here */
 	

Modified: branches/SAMBA_3_0_23/source/auth/auth_util.c
===================================================================
--- branches/SAMBA_3_0_23/source/auth/auth_util.c	2006-08-28 05:10:56 UTC (rev 17874)
+++ branches/SAMBA_3_0_23/source/auth/auth_util.c	2006-08-28 05:22:10 UTC (rev 17875)
@@ -1927,17 +1927,20 @@
 		return NULL;
 	}
 
-	token->user_sids = talloc_memdup(token, ptoken->user_sids,
+	ZERO_STRUCTP(token);
+
+	if (ptoken->user_sids && ptoken->num_sids) {
+		token->user_sids = talloc_memdup(token, ptoken->user_sids,
 					 sizeof(DOM_SID) * ptoken->num_sids );
 
-	if ((ptoken->user_sids != NULL) && (token->user_sids == NULL)) {
-		DEBUG(0, ("talloc_memdup failed\n"));
-		TALLOC_FREE(token);
-		return NULL;
+		if (token->user_sids == NULL) {
+			DEBUG(0, ("talloc_memdup failed\n"));
+			TALLOC_FREE(token);
+			return NULL;
+		}
+		token->num_sids = ptoken->num_sids;
 	}
 
-	token->num_sids = ptoken->num_sids;
-	
 	/* copy the privileges; don't consider failure to be critical here */
 	
 	if ( !se_priv_copy( &token->privileges, &ptoken->privileges ) ) {