On Thu, Aug 21, 2014 at 05:51:58PM +0200, Jakub Hrozek wrote: > On Thu, Aug 21, 2014 at 01:38:02PM +0200, Sumit Bose wrote: > > On Thu, Aug 21, 2014 at 01:27:58PM +0200, Jakub Hrozek wrote: > > > On Wed, Aug 20, 2014 at 05:38:56PM +0200, Sumit Bose wrote: > > > > > > wbcGetgrnam and wbcGetgrnam have wrong comments, but this trivial > > > > > > bug is > > > > > > also in Samba. > > > > > > > > > > > > Are you sure the asprintf() call in wbcLookupName is safe? Could > > > > > > this > > > > > > enable someone to trash the stack with a long enough name? > > > > > > > > > > I added some checks to prevent this. > > > > > > For some reason I thought that asprintf allocates on the stack like > > > alloca and didn't see the call to free. In this case, I don't think the > > > check is needed. > > > > I think the NULL checks still make sense and if you agree I would keep > > the others just as sanity checks. > > > > bye, > > Sumit > > OK, the additional checks don't hurt. > > I tested the latest version of the patch and all the interface entry > points I could test work fine. > > As discussed with Sumit, winbind supports the name@domain notation. > Because it might be useful to support that from sssd, too, I filed > https://fedorahosted.org/sssd/ticket/2414 to track that. > > ACK to the patch.
* master: 885386b7e3f1c3e74b354576b98a092b0835d64e _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
