On Wed, Aug 20, 2014 at 05:38:56PM +0200, Sumit Bose wrote: > > > wbcGetgrnam and wbcGetgrnam have wrong comments, but this trivial bug is > > > also in Samba. > > > > > > Are you sure the asprintf() call in wbcLookupName is safe? Could this > > > enable someone to trash the stack with a long enough name? > > > > I added some checks to prevent this.
For some reason I thought that asprintf allocates on the stack like alloca and didn't see the call to free. In this case, I don't think the check is needed. I'm sorry I made you do the work. The rest looks fine to me. _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
