The branch, master has been updated
       via  ba53707... libwbclient: wbcFreeMemory deals fine with a NULL pointer
       via  89bbc41... libwbclient: Fix wbcListGroups against too small 
num_entries
       via  6d898b4... libwbclient: Fix wbcListUsers against too small 
num_entries
      from  23fd764... s4:winbind: fill response.data.num_entries for 
WINBINDD_LIST_USERS

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit ba537079cff577237b7df50ab15fabb5b0086166
Author: Volker Lendecke <v...@samba.org>
Date:   Mon Apr 19 15:56:30 2010 +0200

    libwbclient: wbcFreeMemory deals fine with a NULL pointer

commit 89bbc41d029e2327a9b9a3408c7552ce3e75e855
Author: Volker Lendecke <v...@samba.org>
Date:   Mon Apr 19 15:50:11 2010 +0200

    libwbclient: Fix wbcListGroups against too small num_entries
    
    Thanks to the s4 winbind for sending 0 here and to Tridge for pointing it out to me :-)

commit 6d898b45a381b3a93da4ac2c4e1af0487dd838ef
Author: Volker Lendecke <v...@samba.org>
Date:   Mon Apr 19 15:50:11 2010 +0200

    libwbclient: Fix wbcListUsers against too small num_entries
    
    Thanks to the s4 winbind for sending 0 here and to Tridge for pointing it out to me :-)

-----------------------------------------------------------------------

Summary of changes:
 nsswitch/libwbclient/wbc_sid.c |   38 +++++++++++++++++++++++---------------
 1 files changed, 23 insertions(+), 15 deletions(-)


Changeset truncated at 500 lines:

diff --git a/nsswitch/libwbclient/wbc_sid.c b/nsswitch/libwbclient/wbc_sid.c
index 2130077..73bd416 100644
--- a/nsswitch/libwbclient/wbc_sid.c
+++ b/nsswitch/libwbclient/wbc_sid.c
@@ -638,8 +638,17 @@ wbcErr wbcListUsers(const char *domain_name,
 
        next = (const char *)response.extra_data.data;
        while (next) {
-               const char *current = next;
-               char *k = strchr(next, ',');
+               const char *current;
+               char *k;
+
+               if (num_users >= response.data.num_entries) {
+                       wbc_status = WBC_ERR_INVALID_RESPONSE;
+                       goto done;
+               }
+
+               current = next;
+               k = strchr(next, ',');
+
                if (k) {
                        k[0] = '\0';
                        next = k+1;
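Review bot: The loop still assumes the extra data is a NUL-terminated string: `strchr(next, ',')` and the later `strdup(current)` both scan until they find a terminator, and nothing in this hunk checks that one exists. The new `num_users >= response.data.num_entries` guard bounds the writes into `users`, but not these reads from the response buffer. If the reply is not validated earlier in wbcListUsers (the function starts outside the hunk), consider rejecting it before the loop, e.g. `if (data != NULL && (len == 0 || data[len - 1] != '\0')) { wbc_status = WBC_ERR_INVALID_RESPONSE; goto done; }`, where `data` and `len` are placeholders for the extra-data pointer and its received length. The wbcListGroups hunk has the same loop and the same open question.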
@@ -650,10 +659,6 @@ wbcErr wbcListUsers(const char *domain_name,
                users[num_users] = strdup(current);
                BAIL_ON_PTR_ERROR(users[num_users], wbc_status);
                num_users += 1;
-               if (num_users > response.data.num_entries) {
-                       wbc_status = WBC_ERR_INVALID_RESPONSE;
-                       goto done;
-               }
        }
        if (num_users != response.data.num_entries) {
                wbc_status = WBC_ERR_INVALID_RESPONSE;
@@ -667,9 +672,7 @@ wbcErr wbcListUsers(const char *domain_name,
 
  done:
        winbindd_free_response(&response);
-       if (users) {
-               wbcFreeMemory(users);
-       }
+       wbcFreeMemory(users);
        return wbc_status;
 }
 
@@ -709,8 +712,17 @@ wbcErr wbcListGroups(const char *domain_name,
 
        next = (const char *)response.extra_data.data;
        while (next) {
-               const char *current = next;
-               char *k = strchr(next, ',');
+               const char *current;
+               char *k;
+
+               if (num_groups >= response.data.num_entries) {
+                       wbc_status = WBC_ERR_INVALID_RESPONSE;
+                       goto done;
+               }
+
+               current = next;
+               k = strchr(next, ',');
+
                if (k) {
                        k[0] = '\0';
                        next = k+1;
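Review bot: `next` is assigned through a `(const char *)` cast, yet the loop writes into that same buffer with `k[0] = '\0'`, because `strchr` returns a non-const pointer; the const qualifier promises something the code does not keep. A one-line comment above the loop would make the in-place tokenising explicit: `/* split in place: each ',' in the response buffer is overwritten with '\0' */`. The loop in the wbcListUsers hunk is written the same way, and in both cases the loop body continues past the end of the hunk.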
@@ -721,10 +733,6 @@ wbcErr wbcListGroups(const char *domain_name,
                groups[num_groups] = strdup(current);
                BAIL_ON_PTR_ERROR(groups[num_groups], wbc_status);
                num_groups += 1;
-               if (num_groups > response.data.num_entries) {
-                       wbc_status = WBC_ERR_INVALID_RESPONSE;
-                       goto done;
-               }
        }
        if (num_groups != response.data.num_entries) {
                wbc_status = WBC_ERR_INVALID_RESPONSE;


-- 
Samba Shared Repository
