mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
s4-kcc: Avoid use-after-free of dn and add tmp_ctx
By using a tmp_ctx we are clearer about allocating temporary memory. Andrew Bartlett
This commit is contained in:
parent
1b487ad3d7
commit
26bfe70def
@ -70,10 +70,16 @@ static bool check_MasterNC(struct kccsrv_partition *p, struct repsFromToBlob *r,
|
||||
struct repsFromTo1 *r1 = &r->ctr.ctr1;
|
||||
struct GUID invocation_id = r1->source_dsa_invocation_id;
|
||||
unsigned int i, j;
|
||||
TALLOC_CTX *tmp_ctx;
|
||||
|
||||
/* we are expecting only version 1 */
|
||||
SMB_ASSERT(r->version == 1);
|
||||
|
||||
tmp_ctx = talloc_new(p);
|
||||
if (!tmp_ctx) {
|
||||
return false;
|
||||
}
|
||||
|
||||
for (i=0; i<res->count; i++) {
|
||||
struct ldb_message *msg = res->msgs[i];
|
||||
struct ldb_message_element *el;
|
||||
@ -93,23 +99,24 @@ static bool check_MasterNC(struct kccsrv_partition *p, struct repsFromToBlob *r,
|
||||
}
|
||||
}
|
||||
for (j=0; j<el->num_values; j++) {
|
||||
dn = ldb_dn_from_ldb_val(p, p->service->samdb, &el->values[j]);
|
||||
dn = ldb_dn_from_ldb_val(tmp_ctx, p->service->samdb, &el->values[j]);
|
||||
if (!ldb_dn_validate(dn)) {
|
||||
talloc_free(dn);
|
||||
continue;
|
||||
}
|
||||
if (ldb_dn_compare(dn, p->dn) == 0) {
|
||||
talloc_free(dn);
|
||||
DEBUG(5,("%s %s match on %s in %s\n",
|
||||
r1->other_info->dns_name,
|
||||
el->name,
|
||||
ldb_dn_get_linearized(dn),
|
||||
ldb_dn_get_linearized(msg->dn)));
|
||||
talloc_free(tmp_ctx);
|
||||
return true;
|
||||
}
|
||||
talloc_free(dn);
|
||||
}
|
||||
}
|
||||
talloc_free(tmp_ctx);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user