[PATCH] dfs_server: get_dcs: fix pointer list termination
Andrew Bartlett
abartlet at samba.org
Tue Apr 1 22:20:22 MDT 2014
On Mon, 2014-03-31 at 18:50 +0200, Arvid Requate wrote:
> Should fix a potential SEGV e.g. in case searched_site == NULL and no
> objects with objectClass=site are found.
>
> Signed-off-by: Arvid Requate <requate at univention.de>
Looks good!
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
> ---
> dfs_server/dfs_server_ad.c | 11 ++++++++---
> 1 file changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/dfs_server/dfs_server_ad.c b/dfs_server/dfs_server_ad.c
> index 5e2634f..3d93e19 100644
> --- a/dfs_server/dfs_server_ad.c
> +++ b/dfs_server/dfs_server_ad.c
> @@ -366,7 +366,11 @@ static NTSTATUS get_dcs(TALLOC_CTX *ctx, struct
> ldb_context *ldb,
> /* All of this was to get the DN of the searched_site */
> sitedn = r->msgs[0]->dn;
>
> - set_list = talloc_realloc(subctx, set_list, struct dc_set *,
> current_pos+1);
> + /*
> + * We will realloc + 2 because we will need one additional place
> + * for element at current_pos + 1 for the NULL element
> + */
> + set_list = talloc_realloc(subctx, set_list, struct dc_set *,
> current_pos+2);
> if (set_list == NULL) {
> TALLOC_FREE(subctx);
> return NT_STATUS_NO_MEMORY;
> @@ -380,6 +384,9 @@ static NTSTATUS get_dcs(TALLOC_CTX *ctx, struct
> ldb_context *ldb,
>
> set_list[current_pos]->names = NULL;
> set_list[current_pos]->count = 0;
> +
> + set_list[current_pos+1] = NULL;
> +
> status = get_dcs_insite(subctx, ldb, sitedn,
> set_list[current_pos], need_fqdn);
> if (!NT_STATUS_IS_OK(status)) {
> @@ -468,8 +475,6 @@ static NTSTATUS get_dcs(TALLOC_CTX *ctx, struct
> ldb_context *ldb,
> }
> }
> }
> - current_pos++;
> - set_list[current_pos] = NULL;
>
> *pset_list = talloc_move(ctx, &set_list);
> talloc_free(subctx);
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list