On Thu, Aug 21, 2014 at 01:27:58PM +0200, Jakub Hrozek wrote: > On Wed, Aug 20, 2014 at 05:38:56PM +0200, Sumit Bose wrote: > > > > wbcGetgrnam and wbcGetgrnam have wrong comments, but this trivial bug is > > > > also in Samba. > > > > > > > > Are you sure the asprintf() call in wbcLookupName is safe? Could this > > > > enable someone to trash the stack with a long enough name? > > > > > > I added some checks to prevent this. > > For some reason I thought that asprintf allocates on the stack like > alloca and didn't see the call to free. In this case, I don't think the > check is needed.
I think the NULL checks still make sense and if you agree I would keep the others just as sanity checks. bye, Sumit > > I'm sorry I made you do the work. > > The rest looks fine to me. > _______________________________________________ > sssd-devel mailing list > sssd-devel@lists.fedorahosted.org > https://lists.fedorahosted.org/mailman/listinfo/sssd-devel _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
