[PATCH] dfs_server: get_dcs: fix pointer list termination

Arvid Requate requate at univention.de
Mon Mar 31 10:45:07 MDT 2014


Should fix a potential SEGV e.g. in case searched_site == NULL and no
objects with objectClass=site are found.

Signed-off-by: Arvid Requate <requate at univention.de>
---
 dfs_server/dfs_server_ad.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/dfs_server/dfs_server_ad.c b/dfs_server/dfs_server_ad.c
index 5e2634f..3d93e19 100644
--- a/dfs_server/dfs_server_ad.c
+++ b/dfs_server/dfs_server_ad.c
@@ -366,7 +366,11 @@ static NTSTATUS get_dcs(TALLOC_CTX *ctx, struct ldb_context *ldb,
 		/* All of this was to get the DN of the searched_site */
 		sitedn = r->msgs[0]->dn;
 
-		set_list = talloc_realloc(subctx, set_list, struct dc_set *, current_pos+1);
+		/*
+		 * We will realloc + 2 because we will need one additional place
+		 * for element at current_pos + 1 for the NULL element
+		 */
+		set_list = talloc_realloc(subctx, set_list, struct dc_set *, current_pos+2);
 		if (set_list == NULL) {
 			TALLOC_FREE(subctx);
 			return NT_STATUS_NO_MEMORY;
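Review bot: The new comment above the `talloc_realloc` is hard to parse and does not state the invariant the function now depends on. This sizing is what keeps the later `set_list[current_pos+1] = NULL` store inside the allocation, so I would word it as `/* Allocate current_pos + 2 slots: the new entry at current_pos and the NULL terminator at current_pos + 1. */`. get_dcs starts and continues outside this hunk, so whether its other allocation site uses the same sizing cannot be confirmed from here.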
@@ -380,6 +384,9 @@ static NTSTATUS get_dcs(TALLOC_CTX *ctx, struct ldb_context *ldb,
 
 		set_list[current_pos]->names = NULL;
 		set_list[current_pos]->count = 0;
+
+		set_list[current_pos+1] = NULL;
+
 		status = get_dcs_insite(subctx, ldb, sitedn,
 					set_list[current_pos], need_fqdn);
 		if (!NT_STATUS_IS_OK(status)) {
@@ -468,8 +475,6 @@ static NTSTATUS get_dcs(TALLOC_CTX *ctx, struct ldb_context *ldb,
 			}
 		}
 	}
-	current_pos++;
-	set_list[current_pos] = NULL;
 
 	*pset_list = talloc_move(ctx, &set_list);
 	talloc_free(subctx);
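Review bot: With the trailing `set_list[current_pos] = NULL` removed, a call in which no branch allocates leaves `set_list` NULL, so `*pset_list` becomes NULL rather than an empty NULL-terminated array. The callers are not visible here, but any that walk the result with `set_list[i] != NULL` without first checking the pointer would dereference NULL, so the crash may only have moved. Either document the contract on get_dcs, e.g. `/* *pset_list may be NULL when no DC set was found */`, or, when `set_list` is still NULL before the `talloc_move`, allocate a terminated empty list with `set_list = talloc_zero_array(subctx, struct dc_set *, 1);` and the usual NULL check. The removal also relies on the site loop above this hunk writing its own terminator after each entry, which this patch does not show.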
-- 
1.8.5.3


