svn commit: samba r23982 - in branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .

abartlet at samba.org
Sat Jul 21 10:14:47 GMT 2007


Author: abartlet
Date: 2007-07-21 10:14:46 +0000 (Sat, 21 Jul 2007)
New Revision: 23982

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=23982

Log:
Fix use-after-realloc() found by valgrind and mwallnoefer at yahoo.de.

Should fix bug #4804.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c


Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c
===================================================================
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c	2007-07-20 16:39:42 UTC (rev 23981)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c	2007-07-21 10:14:46 UTC (rev 23982)
@@ -115,7 +115,7 @@
 static int kludge_acl_allowedAttributes(struct ldb_context *ldb, struct ldb_message *msg,
 							 const char *attrName) 
 {
-	struct ldb_message_element *oc_el = ldb_msg_find_element(msg, "objectClass");
+	struct ldb_message_element *oc_el;
 	struct ldb_message_element *allowedAttributes;
 	const struct dsdb_schema *schema = dsdb_get_schema(ldb);
 	const struct dsdb_class *class;
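Review bot: `oc_el` is now declared without an initializer, and the early `return ret;` path in the next hunk sits between this declaration and its first assignment. Declaring it as `struct ldb_message_element *oc_el = NULL;` would turn any use added later before the lookup into a deterministic NULL dereference instead of a read of an indeterminate pointer.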
@@ -125,6 +125,10 @@
 		return ret;
 	}
 	
+	/* To ensure that oc_el is valid, we must look for it after 
+	   we alter the element array in ldb_msg_add_empty() */
+	oc_el = ldb_msg_find_element(msg, "objectClass");
+
 	for (i=0; i < oc_el->num_values; i++) {
 		class = dsdb_class_by_lDAPDisplayName(schema, (const char *)oc_el->values[i].data);
 		if (!class) {
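Review bot: The return value of `ldb_msg_find_element(msg, "objectClass")` is dereferenced straight away in `for (i=0; i < oc_el->num_values; i++)` with no NULL check. The lookup returns NULL when the message has no objectClass element, so a guard such as `if (!oc_el)` with an early return belongs between the assignment and the loop. The new comment could also say explicitly that element pointers taken from `msg` must not be held across any call that grows the element array, so that later edits do not reintroduce the stale pointer this change removes.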


