Author: gd Date: 2006-12-20 14:23:41 +0000 (Wed, 20 Dec 2006) New Revision: 20279
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=20279 Log: Fix winbind segfault in winbindd_getsidaliases. Jeremy: sidstr formerly could be NULL (when num_aliases was 0), since we strdup here it needs to exist. Guenther Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_async.c branches/SAMBA_3_0_24/source/nsswitch/winbindd_async.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_async.c =================================================================== --- branches/SAMBA_3_0/source/nsswitch/winbindd_async.c 2006-12-20 13:05:13 UTC (rev 20278) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_async.c 2006-12-20 14:23:41 UTC (rev 20279) @@ -1084,7 +1084,7 @@ { DOM_SID *sids = NULL; size_t num_sids = 0; - char *sidstr; + char *sidstr = NULL; ssize_t len; size_t i; uint32 num_aliases; @@ -1094,8 +1094,13 @@ DEBUG(3, ("[%5lu]: getsidaliases\n", (unsigned long)state->pid)); sidstr = state->request.extra_data.data; - if (sidstr == NULL) + if (sidstr == NULL) { sidstr = talloc_strdup(state->mem_ctx, "\n"); /* No SID */ + if (!sidstr) { + DEBUG(0, ("Out of memory\n")); + return WINBINDD_ERROR; + } + } DEBUG(10, ("Sidlist: %s\n", sidstr)); @@ -1121,6 +1126,7 @@ num_sids = 0; sids = NULL; + sidstr = NULL; DEBUG(10, ("Got %d aliases\n", num_aliases)); @@ -1141,9 +1147,14 @@ return WINBINDD_ERROR; } - state->response.extra_data.data = SMB_STRDUP(sidstr); + state->response.extra_data.data = NULL; - if (state->response.extra_data.data != NULL) { + if (sidstr) { + state->response.extra_data.data = SMB_STRDUP(sidstr); + if (!state->response.extra_data.data) { + DEBUG(0, ("Out of memory\n")); + return WINBINDD_ERROR; + } DEBUG(10, ("aliases_list: %s\n", (char *)state->response.extra_data.data)); state->response.length += len+1; Modified: branches/SAMBA_3_0_24/source/nsswitch/winbindd_async.c =================================================================== --- branches/SAMBA_3_0_24/source/nsswitch/winbindd_async.c 2006-12-20 13:05:13 UTC (rev 20278) +++ branches/SAMBA_3_0_24/source/nsswitch/winbindd_async.c 2006-12-20 14:23:41 UTC (rev 20279) @@ -945,7 +945,7 @@ { DOM_SID *sids = NULL; size_t num_sids = 0; - char *sidstr; + char *sidstr = NULL; ssize_t len; size_t i; uint32 num_aliases; @@ -955,8 +955,13 @@ DEBUG(3, ("[%5lu]: getsidaliases\n", (unsigned long)state->pid)); sidstr = state->request.extra_data.data; - if (sidstr == NULL) + if (sidstr == NULL) { sidstr = talloc_strdup(state->mem_ctx, "\n"); /* No SID */ + if (!sidstr) { + DEBUG(0, ("Out of memory\n")); + return WINBINDD_ERROR; + } + } DEBUG(10, ("Sidlist: %s\n", sidstr)); @@ -982,6 +987,7 @@ num_sids = 0; sids = NULL; + sidstr = NULL; DEBUG(10, ("Got %d aliases\n", num_aliases)); @@ -1002,9 +1008,14 @@ return WINBINDD_ERROR; } - state->response.extra_data.data = SMB_STRDUP(sidstr); + state->response.extra_data.data = NULL; - if (state->response.extra_data.data != NULL) { + if (sidstr) { + state->response.extra_data.data = SMB_STRDUP(sidstr); + if (!state->response.extra_data.data) { + DEBUG(0, ("Out of memory\n")); + return WINBINDD_ERROR; + } DEBUG(10, ("aliases_list: %s\n", (char *)state->response.extra_data.data)); state->response.length += len+1;