[PATCH - COVERITY] - winbindd/idmap_rfc2307: Fix CID 1273424 - Read from pointer after free
Christof Schmitt
cs at samba.org
Wed Apr 27 21:34:14 UTC 2016
On Wed, Apr 27, 2016 at 01:13:42PM -0700, Jeremy Allison wrote:
> On Wed, Apr 27, 2016 at 03:19:09PM +0200, Robin Hack wrote:
> > Hello.
> >
> > ads_do_search_retry_internal() is a little bit fragile, so the caller must
> > check return values.
> >
> > Have a nice day
> > Robin Hack
>
> LGTM! Can I get a second Team reviewer please?
Reviewed-by: Christof Schmitt <cs at samba.org>
>
> > From 7e0fafd17772ba631a710767dad02da45f53b157 Mon Sep 17 00:00:00 2001
> > From: Robin Hack <hack.robin at gmail.com>
> > Date: Wed, 27 Apr 2016 15:10:45 +0200
> > Subject: [PATCH] winbindd/idmap_rfc2307: Fix CID 1273424 - Read from pointer
> > after free
> >
> > idmap_rfc2307_ads_search() calls ads_do_search_retry_internal() which
> > can deallocate the ads param based on the ads->is_mine boolean.
> >
> > This approach is fragile, so the caller must properly check
> > the return code before any pointer dereference.
> >
> > Signed-off-by: Robin Hack <hack.robin at gmail.com>
> > ---
> > source3/winbindd/idmap_rfc2307.c | 5 +++++
> > 1 file changed, 5 insertions(+)
> >
> > diff --git a/source3/winbindd/idmap_rfc2307.c b/source3/winbindd/idmap_rfc2307.c
> > index 3ef10f6..1b5aad9 100644
> > --- a/source3/winbindd/idmap_rfc2307.c
> > +++ b/source3/winbindd/idmap_rfc2307.c
> > @@ -99,6 +99,11 @@ static NTSTATUS idmap_rfc2307_ads_search(struct idmap_rfc2307_context *ctx,
> >
> > status = ads_do_search_retry(ctx->ads, bind_path,
> > LDAP_SCOPE_SUBTREE, expr, attrs, result);
> > +
> > + if (!ADS_ERR_OK(status)) {
> > + return ads_ntstatus(status);
> > + }
> > +
> > ctx->ldap = ctx->ads->ldap.ld;
> > return ads_ntstatus(status);
> > }
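Review bot: On the new early-return path (the `if (!ADS_ERR_OK(status))` block) ctx->ads and ctx->ldap are left exactly as they were before the call. The commit message says the callee can deallocate the ads struct depending on ads->is_mine, so after a failed search ctx->ads may be dangling and ctx->ldap may still hold the previous handle, and nothing in this hunk prevents a later call of idmap_rfc2307_ads_search() from passing the same ctx->ads to ads_do_search_retry() again. It is worth confirming from the callers whether the context is torn down or re-initialised on error, and if not, resetting both fields before returning. A short comment above the check stating that ctx->ads may have been freed on failure would also keep the check from being removed later as redundant with the final `return ads_ntstatus(status);`.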
> > --
> > 1.9.3
> >
>
>