The branch, master has been updated
       via  d1dc2b0 ldb-samba: Fix a possible NULL pointer dereference
       via  9bbb6c0 s3:winbind: Use a talloc stackframe for rpc_query_user_list
       via  ef109f8 librpc:ndr: Set the length to 1 if we assign and empty 
string
      from  9b50789 ctdb-tests: Use tighter pattern for matching expected output

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit d1dc2b0e4b8387a6619b110d1344211833e0ae7c
Author: Andreas Schneider <[email protected]>
Date:   Mon May 8 11:44:34 2017 +0200

    ldb-samba: Fix a possible NULL pointer dereference
    
    CID: #1402566
    CID: #1402567
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Volker Lendecke <[email protected]>
    
    Autobuild-User(master): Volker Lendecke <[email protected]>
    Autobuild-Date(master): Tue May 16 16:45:43 CEST 2017 on sn-devel-144

commit 9bbb6c020e0049a93cbbfeb9ddfcbbe68251d2e2
Author: Andreas Schneider <[email protected]>
Date:   Mon May 8 11:34:54 2017 +0200

    s3:winbind: Use a talloc stackframe for rpc_query_user_list
    
    CID #1401581
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Volker Lendecke <[email protected]>

commit ef109f86c790f12eb967ebae27c9f2f435f96156
Author: Andreas Schneider <[email protected]>
Date:   Mon May 8 11:22:51 2017 +0200

    librpc:ndr: Set the length to 1 if we assign and empty string
    
    CID #1399648
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Volker Lendecke <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 lib/ldb-samba/ldb_ildap.c       |  4 +++-
 librpc/ndr/ndr_string.c         |  1 +
 source3/winbindd/winbindd_rpc.c | 40 ++++++++++++++++++++++++----------------
 3 files changed, 28 insertions(+), 17 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/ldb-samba/ldb_ildap.c b/lib/ldb-samba/ldb_ildap.c
index 541971f..a4e96e4 100644
--- a/lib/ldb-samba/ldb_ildap.c
+++ b/lib/ldb-samba/ldb_ildap.c
@@ -863,7 +863,9 @@ static int ildb_connect(struct ldb_context *ldb, const char 
*url,
        return LDB_SUCCESS;
 
 failed:
-       ldb_set_errstring(ldb, ldap_errstr(ildb->ldap, module, status));
+       if (ildb != NULL && ildb->ldap != NULL) {
+               ldb_set_errstring(ldb, ldap_errstr(ildb->ldap, module, status));
+       }
        talloc_free(module);
        if (NT_STATUS_IS_LDAP(status)) {
                return NT_STATUS_LDAP_CODE(status);
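Review bot: When `ildb` or `ildb->ldap` is NULL, the `failed:` path now skips `ldb_set_errstring()` entirely, so the caller gets a status code with no error string attached. An else branch that falls back to the generic text, `ldb_set_errstring(ldb, nt_errstr(status));`, would keep these early failures diagnosable. The body of `ildb_connect` starts and ends outside the hunk, so which failure paths reach `failed:` with a NULL `ildb` cannot be confirmed from here.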
diff --git a/librpc/ndr/ndr_string.c b/librpc/ndr/ndr_string.c
index f9366b4..067f917 100644
--- a/librpc/ndr/ndr_string.c
+++ b/librpc/ndr/ndr_string.c
@@ -677,6 +677,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_charset_to_null(struct 
ndr_push *ndr, int nd
 
        if (str == NULL) {
                str = "";
+               length = 1;
        }
 
        return ndr_push_charset(ndr, ndr_flags, str, length, byte_mul, chset);
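Review bot: The added `length = 1;` overwrites the caller-supplied length with a bare constant, and nothing in the block says why 1 is correct. A comment on that line, for example `/* NULL is pushed as "": one character, the terminator */`, would record the intent, which is presumably to count the terminator. If any caller sizes or announces the field from its original `length`, the pushed size (`length` times `byte_mul`) would now differ from it. That is not visible in this hunk and should be confirmed against the callers, since the function starts outside it.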
diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
index 0023e2a..2c76e1a 100644
--- a/source3/winbindd/winbindd_rpc.c
+++ b/source3/winbindd/winbindd_rpc.c
@@ -46,54 +46,62 @@ NTSTATUS rpc_query_user_list(TALLOC_CTX *mem_ctx,
        uint32_t num_rids = 0;
        uint32_t i = 0;
        uint32_t resume_handle = 0;
-       NTSTATUS result;
+       NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+       NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+       TALLOC_CTX *tmp_ctx;
 
        *prids = NULL;
 
+       tmp_ctx = talloc_stackframe();
+       if (tmp_ctx == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
        do {
                struct samr_SamArray *sam_array = NULL;
                uint32_t count = 0;
-               NTSTATUS status;
                uint32_t *tmp;
 
                status = dcerpc_samr_EnumDomainUsers(
-                       b, mem_ctx, samr_policy, &resume_handle,
+                       b, tmp_ctx, samr_policy, &resume_handle,
                        ACB_NORMAL, &sam_array, 0xffff, &count, &result);
                if (!NT_STATUS_IS_OK(status)) {
-                       return status;
+                       goto done;
                }
                if (!NT_STATUS_IS_OK(result)) {
                        if (!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
                                DBG_WARNING("EnumDomainUsers failed: %s\n",
                                            nt_errstr(result));
-                               TALLOC_FREE(rids);
-                               TALLOC_FREE(sam_array);
-                               return result;
+                               status = result;
+                               goto done;
                        }
                }
 
                if (num_rids + count < num_rids) {
-                       TALLOC_FREE(sam_array);
-                       TALLOC_FREE(rids);
-                       return NT_STATUS_INTEGER_OVERFLOW;
+                       status = NT_STATUS_INTEGER_OVERFLOW;
+                       goto done;
                }
 
-               tmp = talloc_realloc(mem_ctx, rids, uint32_t, num_rids+count);
+               tmp = talloc_realloc(tmp_ctx, rids, uint32_t, num_rids+count);
                if (tmp == NULL) {
-                       TALLOC_FREE(sam_array);
-                       TALLOC_FREE(rids);
-                       return NT_STATUS_NO_MEMORY;
+                       status = NT_STATUS_NO_MEMORY;
+                       goto done;
                }
                rids = tmp;
 
                for (i=0; i<count; i++) {
                        rids[num_rids++] = sam_array->entries[i].idx;
                }
+
+               TALLOC_FREE(sam_array);
        } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
 
-       *prids = rids;
+       *prids = talloc_steal(mem_ctx, rids);
+       status = NT_STATUS_OK;
 
-       return NT_STATUS_OK;
+done:
+       TALLOC_FREE(tmp_ctx);
+       return status;
 }
 
 /* List all domain groups */
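Review bot: The copy loop `for (i=0; i<count; i++) rids[num_rids++] = sam_array->entries[i].idx;` trusts the server-returned `count` and dereferences `sam_array` without checking either, and the rework leaves that as it was. Since both values come from the remote DC, a guard before the realloc would fail closed on an inconsistent reply: `if (sam_array == NULL || count > sam_array->count) { status = NT_STATUS_INVALID_NETWORK_RESPONSE; goto done; }`. Whether the NDR pull layer already guarantees this is not visible in the hunk, so treat it as defence in depth. Separately, the `tmp_ctx == NULL` check appears to be dead code, because as far as I know `talloc_stackframe()` panics rather than returning NULL.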


-- 
Samba Shared Repository
