[PATCH 11/13] libgpo: replace dup_sec_desc() usage
David Disseldorp
ddiss at suse.de
Tue May 27 03:04:20 MDT 2014
On Mon, 26 May 2014 21:59:31 +0200, Volker Lendecke wrote:
> > - gpo->security_descriptor = dup_sec_desc(gpo, gpo_src->security_descriptor);
> > + if (gpo_src->security_descriptor == NULL) {
> > + /* existing SD assumed */
> > + TALLOC_FREE(gpo);
> > + return NT_STATUS_INVALID_PARAMETER;
> > + }
> > + gpo->security_descriptor = security_descriptor_copy(gpo,
> > + gpo_src->security_descriptor);
> > if (gpo->security_descriptor == NULL) {
> > TALLOC_FREE(gpo);
> > return NT_STATUS_NO_MEMORY;
>
> Not sure it matters, but this looks like a little semantic
> change in case gpo_src->security_descriptor==NULL. Before
> the patch we return INVALID_PARAMETER, after the patch I
> believe we crash.
As Richard pointed out, there's a NULL check before the
security_descriptor_copy() call.
There is one slight change in behaviour here: previously
NT_STATUS_NO_MEMORY was returned if gpo_src->security_descriptor was
NULL, whereas now NT_STATUS_INVALID_PARAMETER is returned.
The callers don't differentiate between these errors.
Cheers, David
More information about the samba-technical
mailing list