ldb_dn_copy(): should we take a talloc_reference?

Andrew Bartlett abartlet at samba.org
Thu Feb 8 03:26:22 UTC 2018


A while back Garming looked into a bug where an LDB DN was copied.

The issue is that ldb_dn_copy() does not copy over the 'ldb' element.

This is all fine until a schema-aware operation is required, such as
getting the casefolded DN.  Then we don't do so well, segfaulting in
ldb_dn_casefold_internal() when ldb_schema_attribute_by_name() is
called on dn->ldb.

Thankfully this isn't done often, and when it is done the full case-
folded DN is still valid and no further work is needed. 

But is isn't OK, and we should fix it.

However, what is harder is working out the right fix.

* On one hand, I would say that the answer is to make the struct ldb_dn
take a talloc_reference() to the ldb and assign the element in
ldb_dn_copy().  (We would then also need to take the reference in
ldb_dn_new()).  On the other, I can hear the howls of protest already. 

* We could just copy the ldb element and just make it explicit that it
is the caller's problem

* We could deprecate ldb_dn_copy() and create a new version with an
extra argument for the ldb the DN should gain.  

We should also make the python code take a reference to the LDB and
destroy that reference when the Dn goes out of scope.  (It doesn't

Any thoughts most welcome,


Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   

More information about the samba-technical mailing list