[PATCH 09/12] winbindd: Do not use user_list->out.resume_index after free
Kamen Mazdrashki
kamenim at samba.org
Sun Sep 7 21:39:50 MDT 2014
Reviewed-by: Kamen Mazdrashki <kamenim at samba.org>
On Mon, Sep 8, 2014 at 1:30 AM, <abartlet at samba.org> wrote:
> From: Andrew Bartlett <abartlet at samba.org>
>
> Found by AddressSanitizer
>
> Change-Id: I9f8b95b65de788994a7404fa8889fce45ccb3a30
> Signed-off-by: Andrew Bartlett <abartlet at samba.org>
> ---
> source4/winbind/wb_cmd_setpwent.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/source4/winbind/wb_cmd_setpwent.c
> b/source4/winbind/wb_cmd_setpwent.c
> index 8164d6f..ab9fd2e 100644
> --- a/source4/winbind/wb_cmd_setpwent.c
> +++ b/source4/winbind/wb_cmd_setpwent.c
> @@ -115,6 +115,9 @@ static void cmd_setpwent_recv_user_list(struct
> composite_context *ctx)
> user_list);
> if (NT_STATUS_IS_OK(state->ctx->status) ||
> NT_STATUS_EQUAL(state->ctx->status, STATUS_MORE_ENTRIES)) {
> +
> + uint32_t resume_index = user_list->out.resume_index;
> +
> if (state->result->page_index == -1) { /* First run*/
> state->result->user_list = user_list;
> state->result->page_index = 0;
> @@ -133,7 +136,7 @@ static void cmd_setpwent_recv_user_list(struct
> composite_context *ctx)
> = talloc_strdup(state->result,
> user_list->out.users[i].username);
> }
> state->result->user_list->out.count = cnt;
> - talloc_free(user_list);
> + TALLOC_FREE(user_list);
> }
>
> if (NT_STATUS_IS_OK(state->ctx->status) ) {
> @@ -142,7 +145,7 @@ static void cmd_setpwent_recv_user_list(struct
> composite_context *ctx)
> user_list_send = talloc(state->result, struct
> libnet_UserList);
> if (composite_nomem(user_list_send, state->ctx))
> return;
> user_list_send->in.domain_name =
> talloc_strdup(state, state->domain_name);
> - user_list_send->in.resume_index =
> user_list->out.resume_index;
> + user_list_send->in.resume_index = resume_index;
> user_list_send->in.page_size = 128;
> ctx = libnet_UserList_send(state->libnet_ctx,
> state->result, user_list_send, NULL);
> composite_continue(state->ctx, ctx,
> cmd_setpwent_recv_user_list, state);
> --
> 2.1.0
>
>
More information about the samba-technical
mailing list