[PATCH] Further bugfix for bug 12276
Jeremy Allison
jra at samba.org
Wed Oct 12 17:43:10 UTC 2016
On Wed, Oct 12, 2016 at 01:46:07PM +0200, Volker Lendecke wrote:
> Hi!
>
> Review appreciated!
Obvious goodness, thanks !
> From 801dc51874d80d01390dd2b9c66003715f33f748 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Wed, 12 Oct 2016 12:35:12 +0200
> Subject: [PATCH] lib: Fix CID 1373623 Dereference after null check
> MIME-Version: 1.0
> Content-Type: text/plain; charset=UTF-8
> Content-Transfer-Encoding: 8bit
>
> We should not overload "p", this is used in the outer loop
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12276
> Signed-off-by: Volker Lendecke <vl at samba.org>
> Reviewed-by: Ralph Böhme <slow at samba.org>
> ---
> source3/lib/substitute.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c
> index 752f108..bc34c31 100644
> --- a/source3/lib/substitute.c
> +++ b/source3/lib/substitute.c
> @@ -524,9 +524,10 @@ char *talloc_sub_basic(TALLOC_CTX *mem_ctx,
>
> group_name = gidtoname(pass->pw_gid);
> if (is_domain_name) {
> - p = strchr_m(group_name, *sep);
> - if (p != NULL) {
> - group_name = p + 1;
> + char *group_sep;
> + group_sep = strchr_m(group_name, *sep);
> + if (group_sep != NULL) {
> + group_name = group_sep + 1;
> }
> }
> a_string = realloc_string_sub(a_string,
> --
> 2.1.4
>
More information about the samba-technical
mailing list