[SCM] Samba Shared Repository - branch v3-2-test updated -
release-3-2-0pre2-3590-gfad2741
Karolin Seeger
kseeger at samba.org
Sat May 23 19:06:49 GMT 2009
The branch, v3-2-test has been updated
via fad2741ec79a34f25577d0a5d3c35a6455d3ce24 (commit)
via c60539f31f63bd65e5b0e3ee16365f036bef3d5b (commit)
from a7f96104b957ba0eb910f8c0073818f872345e3c (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
- Log -----------------------------------------------------------------
commit fad2741ec79a34f25577d0a5d3c35a6455d3ce24
Author: Jeremy Allison <jra at samba.org>
Date: Sat May 23 21:04:54 2009 +0200
s3/groupmapping: Groupdb mapping fix (bug #6386).
commit c60539f31f63bd65e5b0e3ee16365f036bef3d5b
Author: Simo Sorce <idra at samba.org>
Date: Thu May 21 21:32:17 2009 -0400
Insure we always return NULL on error.
It is not technically an ldb bug, but apparently some callers try to access
res before checking the ldb_search() return code.
So make their attempt very evident (a NULL dereference will make it cristal
clear where the bug is).
-----------------------------------------------------------------------
Summary of changes:
source/groupdb/mapping_ldb.c | 26 ++++++++++++++++++++------
source/lib/ldb/common/ldb.c | 1 +
2 files changed, 21 insertions(+), 6 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/groupdb/mapping_ldb.c b/source/groupdb/mapping_ldb.c
index 68e5b4c..a69d306 100644
--- a/source/groupdb/mapping_ldb.c
+++ b/source/groupdb/mapping_ldb.c
@@ -222,8 +222,11 @@ static bool get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map)
if (dn == NULL) goto failed;
ret = ldb_search(ldb, dn, LDB_SCOPE_BASE, NULL, NULL, &res);
+ if (ret != LDB_SUCCESS) {
+ goto failed;
+ }
talloc_steal(dn, res);
- if (ret != LDB_SUCCESS || res->count != 1) {
+ if (res->count != 1) {
goto failed;
}
@@ -251,8 +254,13 @@ static bool get_group_map_from_gid(gid_t gid, GROUP_MAP *map)
if (expr == NULL) goto failed;
ret = ldb_search(ldb, NULL, LDB_SCOPE_SUBTREE, expr, NULL, &res);
+ if (ret != LDB_SUCCESS) {
+ goto failed;
+ }
talloc_steal(expr, res);
- if (ret != LDB_SUCCESS || res->count != 1) goto failed;
+ if (res->count != 1) {
+ goto failed;
+ }
if (!msg_to_group_map(res->msgs[0], map)) goto failed;
@@ -277,8 +285,13 @@ static bool get_group_map_from_ntname(const char *name, GROUP_MAP *map)
if (expr == NULL) goto failed;
ret = ldb_search(ldb, NULL, LDB_SCOPE_SUBTREE, expr, NULL, &res);
+ if (ret != LDB_SUCCESS) {
+ goto failed;
+ }
talloc_steal(expr, res);
- if (ret != LDB_SUCCESS || res->count != 1) goto failed;
+ if (res->count != 1) {
+ goto failed;
+ }
if (!msg_to_group_map(res->msgs[0], map)) goto failed;
@@ -342,8 +355,8 @@ static bool enum_group_mapping(const DOM_SID *domsid, enum lsa_SidType sid_name_
}
ret = ldb_search(ldb, basedn, LDB_SCOPE_SUBTREE, expr, NULL, &res);
- talloc_steal(tmp_ctx, res);
if (ret != LDB_SUCCESS) goto failed;
+ talloc_steal(tmp_ctx, res);
(*pp_rmap) = NULL;
*p_num_entries = 0;
@@ -395,10 +408,10 @@ static NTSTATUS one_alias_membership(const DOM_SID *member,
if (expr == NULL) goto failed;
ret = ldb_search(ldb, NULL, LDB_SCOPE_SUBTREE, expr, attrs, &res);
- talloc_steal(expr, res);
if (ret != LDB_SUCCESS) {
goto failed;
}
+ talloc_steal(expr, res);
for (i=0;i<res->count;i++) {
struct ldb_message_element *el;
@@ -516,8 +529,8 @@ static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, size_t *num)
}
ret = ldb_search(ldb, dn, LDB_SCOPE_BASE, NULL, attrs, &res);
- talloc_steal(dn, res);
if (ret == LDB_SUCCESS && res->count == 0) {
+ talloc_free(res);
talloc_free(dn);
return NT_STATUS_OK;
}
@@ -525,6 +538,7 @@ static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, size_t *num)
talloc_free(dn);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
+ talloc_steal(dn, res);
el = ldb_msg_find_element(res->msgs[0], "member");
if (el == NULL) {
diff --git a/source/lib/ldb/common/ldb.c b/source/lib/ldb/common/ldb.c
index 743711b..c8aa6af 100644
--- a/source/lib/ldb/common/ldb.c
+++ b/source/lib/ldb/common/ldb.c
@@ -787,6 +787,7 @@ int ldb_search(struct ldb_context *ldb,
done:
if (ret != LDB_SUCCESS) {
talloc_free(res);
+ res = NULL;
}
*_res = res;
--
Samba Shared Repository
More information about the samba-cvs
mailing list