[SCM] Samba Shared Repository - branch v3-3-test updated -
release-3-2-0pre2-2874-g5b12d8a
Volker Lendecke
vlendec at samba.org
Tue Jun 17 13:21:02 GMT 2008
The branch, v3-3-test has been updated
via 5b12d8aa510689114e5413be5afe6aeb6ec2d9db (commit)
via ac5ba26bb0488c3fb95072d84898c02b72c5b819 (commit)
from a09ed6016a41a9ed45716579e59a646545054f63 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -----------------------------------------------------------------
commit 5b12d8aa510689114e5413be5afe6aeb6ec2d9db
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 17 15:17:22 2008 +0200
Fix a segfault in wbcLookupRids
The done: part could access uninitialized memory if intermediate
BAIL_ON_WBC_ERROR fire.
Jerry, please check!
Thanks,
Volker
(cherry picked from commit 31f4c33dcc744e81be54389756378e25aa2bb75e)
commit ac5ba26bb0488c3fb95072d84898c02b72c5b819
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 17 14:53:07 2008 +0200
Fix a segfault in wbcLookupSid
If the BAIL_ON_WBC_ERROR directly after wbcRequestResponse kicks in, *domain
and *name have not been initialized yet. So the cleanup routine in the done:
part of the routine (which did not check for domain!=NULL etc) would access
uninitialized memory.
Jerry, please check!
Thanks,
Volker
(cherry picked from commit 3d7e0cc40b1992f4555807acec4f00450e30e2de)
-----------------------------------------------------------------------
Summary of changes:
source/nsswitch/libwbclient/wbc_sid.c | 85 +++++++++++++++++++-------------
1 files changed, 50 insertions(+), 35 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/nsswitch/libwbclient/wbc_sid.c b/source/nsswitch/libwbclient/wbc_sid.c
index 500be2f..b090926 100644
--- a/source/nsswitch/libwbclient/wbc_sid.c
+++ b/source/nsswitch/libwbclient/wbc_sid.c
@@ -228,14 +228,17 @@ wbcErr wbcLookupName(const char *domain,
**/
wbcErr wbcLookupSid(const struct wbcDomainSid *sid,
- char **domain,
- char **name,
- enum wbcSidType *name_type)
+ char **pdomain,
+ char **pname,
+ enum wbcSidType *pname_type)
{
struct winbindd_request request;
struct winbindd_response response;
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
char *sid_string = NULL;
+ char *domain = NULL;
+ char *name = NULL;
+ enum wbcSidType name_type;
if (!sid) {
wbc_status = WBC_ERR_INVALID_PARAM;
@@ -264,28 +267,35 @@ wbcErr wbcLookupSid(const struct wbcDomainSid *sid,
/* Copy out result */
- if (domain != NULL) {
- *domain = talloc_strdup(NULL, response.data.name.dom_name);
- BAIL_ON_PTR_ERROR((*domain), wbc_status);
- }
+ domain = talloc_strdup(NULL, response.data.name.dom_name);
+ BAIL_ON_PTR_ERROR(domain, wbc_status);
- if (name != NULL) {
- *name = talloc_strdup(NULL, response.data.name.name);
- BAIL_ON_PTR_ERROR((*name), wbc_status);
- }
+ name = talloc_strdup(NULL, response.data.name.name);
+ BAIL_ON_PTR_ERROR(name, wbc_status);
- if (name_type) {
- *name_type = (enum wbcSidType)response.data.name.type;
- }
+ name_type = (enum wbcSidType)response.data.name.type;
wbc_status = WBC_ERR_SUCCESS;
done:
- if (!WBC_ERROR_IS_OK(wbc_status)) {
- if (*domain)
- talloc_free(*domain);
- if (*name)
- talloc_free(*name);
+ if (WBC_ERROR_IS_OK(wbc_status)) {
+ if (pdomain != NULL) {
+ *pdomain = domain;
+ }
+ if (pname != NULL) {
+ *pname = name;
+ }
+ if (pname_type != NULL) {
+ *pname_type = name_type;
+ }
+ }
+ else {
+ if (name != NULL) {
+ talloc_free(name);
+ }
+ if (domain != NULL) {
+ talloc_free(domain);
+ }
}
return wbc_status;
@@ -299,8 +309,8 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
int num_rids,
uint32_t *rids,
const char **pp_domain_name,
- const char ***names,
- enum wbcSidType **types)
+ const char ***pnames,
+ enum wbcSidType **ptypes)
{
size_t i, len, ridbuf_size;
char *ridlist;
@@ -309,6 +319,8 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
struct winbindd_response response;
char *sid_string = NULL;
char *domain_name = NULL;
+ const char **names = NULL;
+ enum wbcSidType *types = NULL;
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
/* Initialise request */
@@ -360,11 +372,11 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
domain_name = talloc_strdup(NULL, response.data.domain_name);
BAIL_ON_PTR_ERROR(domain_name, wbc_status);
- *names = talloc_array(NULL, const char*, num_rids);
- BAIL_ON_PTR_ERROR((*names), wbc_status);
+ names = talloc_array(NULL, const char*, num_rids);
+ BAIL_ON_PTR_ERROR(names, wbc_status);
- *types = talloc_array(NULL, enum wbcSidType, num_rids);
- BAIL_ON_PTR_ERROR((*types), wbc_status);
+ types = talloc_array(NULL, enum wbcSidType, num_rids);
+ BAIL_ON_PTR_ERROR(types, wbc_status);
p = (char *)response.extra_data.data;
@@ -376,7 +388,7 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
BAIL_ON_WBC_ERROR(wbc_status);
}
- (*types)[i] = (enum wbcSidType)strtoul(p, &q, 10);
+ types[i] = (enum wbcSidType)strtoul(p, &q, 10);
if (*q != ' ') {
wbc_status = WBC_ERR_INVALID_RESPONSE;
@@ -392,8 +404,8 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
*q = '\0';
- (*names)[i] = talloc_strdup((*names), p);
- BAIL_ON_PTR_ERROR(((*names)[i]), wbc_status);
+ names[i] = talloc_strdup(names, p);
+ BAIL_ON_PTR_ERROR(names[i], wbc_status);
p = q+1;
}
@@ -410,15 +422,18 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
free(response.extra_data.data);
}
- if (!WBC_ERROR_IS_OK(wbc_status)) {
+ if (WBC_ERROR_IS_OK(wbc_status)) {
+ *pp_domain_name = domain_name;
+ *pnames = names;
+ *ptypes = types;
+ }
+ else {
if (domain_name)
talloc_free(domain_name);
- if (*names)
- talloc_free(*names);
- if (*types)
- talloc_free(*types);
- } else {
- *pp_domain_name = domain_name;
+ if (names)
+ talloc_free(names);
+ if (types)
+ talloc_free(types);
}
return wbc_status;
--
Samba Shared Repository
More information about the samba-cvs
mailing list