[PATCH - COVERITY] - winbindd/idmap_rfc2307: Fix CID 1273424 - Read from pointer after free
Jeremy Allison
jra at samba.org
Wed Apr 27 20:13:42 UTC 2016
On Wed, Apr 27, 2016 at 03:19:09PM +0200, Robin Hack wrote:
> Hello.
>
> ads_do_search_retry_internal() is a little bit fragile so the caller must
> check return values.
>
> Have a nice day
> Robin Hack
LGTM! Can I get a second Team reviewer please?
> From 7e0fafd17772ba631a710767dad02da45f53b157 Mon Sep 17 00:00:00 2001
> From: Robin Hack <hack.robin at gmail.com>
> Date: Wed, 27 Apr 2016 15:10:45 +0200
> Subject: [PATCH] winbindd/idmap_rfc2307: Fix CID 1273424 - Read from pointer
> after free
>
> idmap_rfc2307_ads_search() calls ads_do_search_retry_internal() which
> can deallocate ads param based on ads->is_mine boolean.
>
> This approach is fragile so caller must properly check
> return code before any pointer dereference.
>
> Signed-off-by: Robin Hack <hack.robin at gmail.com>
> ---
> source3/winbindd/idmap_rfc2307.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/source3/winbindd/idmap_rfc2307.c b/source3/winbindd/idmap_rfc2307.c
> index 3ef10f6..1b5aad9 100644
> --- a/source3/winbindd/idmap_rfc2307.c
> +++ b/source3/winbindd/idmap_rfc2307.c
> @@ -99,6 +99,11 @@ static NTSTATUS idmap_rfc2307_ads_search(struct idmap_rfc2307_context *ctx,
>
> status = ads_do_search_retry(ctx->ads, bind_path,
> LDAP_SCOPE_SUBTREE, expr, attrs, result);
> +
> + if (!ADS_ERR_OK(status)) {
> + return ads_ntstatus(status);
> + }
> +
> ctx->ldap = ctx->ads->ldap.ld;
> return ads_ntstatus(status);
> }
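Review bot: the new early return under `if (!ADS_ERR_OK(status))` leaves ctx->ads and ctx->ldap holding their previous values, although the commit message says the search helper can deallocate the ads struct on failure. ctx->ads is passed by value to ads_do_search_retry(), so the callee cannot reset it, and the next use of this context would read the same stale pointer that this check now avoids. Consider resetting ctx->ads and ctx->ldap on this path when the struct has been freed, or documenting that the caller must re-establish the connection before reusing ctx. A one-line comment above the check explaining why `ctx->ads->ldap.ld` must not be read after a failed search would also keep the guard from being removed later as redundant with the final `return ads_ntstatus(status);`.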
> --
> 1.9.3
>