On Thu, Aug 21, 2014 at 01:38:02PM +0200, Sumit Bose wrote: > On Thu, Aug 21, 2014 at 01:27:58PM +0200, Jakub Hrozek wrote: > > On Wed, Aug 20, 2014 at 05:38:56PM +0200, Sumit Bose wrote: > > > > > wbcGetgrnam and wbcGetgrnam have wrong comments, but this trivial bug > > > > > is > > > > > also in Samba. > > > > > > > > > > Are you sure the asprintf() call in wbcLookupName is safe? Could this > > > > > enable someone to trash the stack with a long enough name? > > > > > > > > I added some checks to prevent this. > > > > For some reason I thought that asprintf allocates on the stack like > > alloca and didn't see the call to free. In this case, I don't think the > > check is needed. > > I think the NULL checks still make sense and if you agree I would keep > the others just as sanity checks. > > bye, > Sumit
OK, the additional checks don't hurt. I tested the latest version of the patch and all the interface entry points I could test work fine. As discussed with Sumit, winbind supports the name@domain notation. Because it might be useful to support that from sssd, too, I filed https://fedorahosted.org/sssd/ticket/2414 to track that. ACK to the patch. _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
