[PATCH 11/13] libgpo: replace dup_sec_desc() usage

David Disseldorp ddiss at suse.de
Tue May 27 03:04:20 MDT 2014


On Mon, 26 May 2014 21:59:31 +0200, Volker Lendecke wrote:

> > -	gpo->security_descriptor = dup_sec_desc(gpo, gpo_src->security_descriptor);
> > +	if (gpo_src->security_descriptor == NULL) {
> > +		/* existing SD assumed */
> > +		TALLOC_FREE(gpo);
> > +		return NT_STATUS_INVALID_PARAMETER;
> > +	}
> > +	gpo->security_descriptor = security_descriptor_copy(gpo,
> > +						gpo_src->security_descriptor);
> >  	if (gpo->security_descriptor == NULL) {
> >  		TALLOC_FREE(gpo);
> >  		return NT_STATUS_NO_MEMORY;  
> 
> Not sure it matters, but this looks like a little semantic
> change in case gpo_src->security_descriptor==NULL. Before
> the patch we return INVALID_PARAMETER, after the patch I
> believe we crash.

As Richard pointed out, there's a NULL check before the
security_descriptor_copy() call.

There is one slight change in behaviour here: previously
NT_STATUS_NO_MEMORY was returned if gpo_src->security_descriptor was
NULL, whereas now NT_STATUS_INVALID_PARAMETER is returned.
The callers don't differentiate between these errors.

Cheers, David


More information about the samba-technical mailing list