[PATCH 11/13] libgpo: replace dup_sec_desc() usage

Volker Lendecke Volker.Lendecke at SerNet.DE
Tue May 27 03:07:07 MDT 2014


On Tue, May 27, 2014 at 11:04:20AM +0200, David Disseldorp wrote:
> On Mon, 26 May 2014 21:59:31 +0200, Volker Lendecke wrote:
> 
> > > -	gpo->security_descriptor = dup_sec_desc(gpo, gpo_src->security_descriptor);
> > > +	if (gpo_src->security_descriptor == NULL) {
> > > +		/* existing SD assumed */
> > > +		TALLOC_FREE(gpo);
> > > +		return NT_STATUS_INVALID_PARAMETER;
> > > +	}
> > > +	gpo->security_descriptor = security_descriptor_copy(gpo,
> > > +						gpo_src->security_descriptor);
> > >  	if (gpo->security_descriptor == NULL) {
> > >  		TALLOC_FREE(gpo);
> > >  		return NT_STATUS_NO_MEMORY;  
> > 
> > Not sure it matters, but this looks like a little semantic
> > change in case gpo_src->security_descriptor==NULL. Before
> > the patch we return INVALID_PARAMETER, after the patch I
> > believe we crash.
> 
> As Richard pointed out, there's a NULL check before the
> security_descriptor_copy() call.
> 
> There is one slight change in behaviour here: previously
> NT_STATUS_NO_MEMORY was returned if gpo_src->security_descriptor was
> NULL, whereas now NT_STATUS_INVALID_PARAMETER is returned.
> The callers don't differentiate between these errors.

Ok, great than.

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de


More information about the samba-technical mailing list