s4:dsdb/paged_results: fix segfault in paged_results()
It can happen that paged_results() fails, e.g. due to LDB_ERR_TIME_LIMIT_EXCEEDED. If that happens we should not dereference ares->response when ares is NULL. We also should not call ldb_module_done() if paged_results() fails, as it was already called. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14952 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> (cherry picked from commit 19fa22b1fbcf33dbc4defe4dd2e487a642786c49)
parent
01e15dfaed
commit
271d3f7b4a
@ -239,6 +239,7 @@ static int paged_search_by_dn_guid(struct ldb_module *module,
|
||||
|
||||
static int paged_results(struct paged_context *ac, struct ldb_reply *ares)
|
||||
{
|
||||
struct ldb_extended *response = (ares != NULL ? ares->response : NULL);
|
||||
struct ldb_paged_control *paged;
|
||||
unsigned int i, num_ctrls;
|
||||
int ret;
|
||||
@ -246,7 +247,7 @@ static int paged_results(struct paged_context *ac, struct ldb_reply *ares)
|
||||
if (ac->store == NULL) {
|
||||
ret = LDB_ERR_OPERATIONS_ERROR;
|
||||
return ldb_module_done(
|
||||
ac->req, ac->controls, ares->response, ret);
|
||||
ac->req, ac->controls, response, ret);
|
||||
}
|
||||
|
||||
while (ac->store->last_i < ac->store->num_entries && ac->size > 0) {
|
||||
@ -276,7 +277,7 @@ static int paged_results(struct paged_context *ac, struct ldb_reply *ares)
|
||||
continue;
|
||||
} else if (ret != LDB_SUCCESS) {
|
||||
return ldb_module_done(
|
||||
ac->req, ac->controls, ares->response, ret);
|
||||
ac->req, ac->controls, response, ret);
|
||||
}
|
||||
|
||||
ret = ldb_module_send_entry(ac->req, result->msgs[0],
|
||||
@ -318,7 +319,7 @@ static int paged_results(struct paged_context *ac, struct ldb_reply *ares)
|
||||
if (ac->controls == NULL) {
|
||||
ret = LDB_ERR_OPERATIONS_ERROR;
|
||||
return ldb_module_done(
|
||||
ac->req, ac->controls, ares->response, ret);
|
||||
ac->req, ac->controls, response, ret);
|
||||
}
|
||||
ac->controls[num_ctrls] = NULL;
|
||||
|
||||
@ -331,7 +332,7 @@ static int paged_results(struct paged_context *ac, struct ldb_reply *ares)
|
||||
if (ac->controls[i] == NULL) {
|
||||
ret = LDB_ERR_OPERATIONS_ERROR;
|
||||
return ldb_module_done(
|
||||
ac->req, ac->controls, ares->response, ret);
|
||||
ac->req, ac->controls, response, ret);
|
||||
}
|
||||
|
||||
ac->controls[i]->oid = talloc_strdup(ac->controls[i],
|
||||
@ -339,7 +340,7 @@ static int paged_results(struct paged_context *ac, struct ldb_reply *ares)
|
||||
if (ac->controls[i]->oid == NULL) {
|
||||
ret = LDB_ERR_OPERATIONS_ERROR;
|
||||
return ldb_module_done(
|
||||
ac->req, ac->controls, ares->response, ret);
|
||||
ac->req, ac->controls, response, ret);
|
||||
}
|
||||
|
||||
ac->controls[i]->critical = 0;
|
||||
@ -348,7 +349,7 @@ static int paged_results(struct paged_context *ac, struct ldb_reply *ares)
|
||||
if (paged == NULL) {
|
||||
ret = LDB_ERR_OPERATIONS_ERROR;
|
||||
return ldb_module_done(
|
||||
ac->req, ac->controls, ares->response, ret);
|
||||
ac->req, ac->controls, response, ret);
|
||||
}
|
||||
|
||||
ac->controls[i]->data = paged;
|
||||
@ -803,7 +804,11 @@ static int paged_search(struct ldb_module *module, struct ldb_request *req)
|
||||
|
||||
ret = paged_results(ac, NULL);
|
||||
if (ret != LDB_SUCCESS) {
|
||||
return ldb_module_done(req, NULL, NULL, ret);
|
||||
/*
|
||||
* paged_results() will have called ldb_module_done
|
||||
* if an error occurred
|
||||
*/
|
||||
return ret;
|
||||
}
|
||||
return ldb_module_done(req, ac->controls, NULL, LDB_SUCCESS);
|
||||
}
|
||||
|
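Review bot: The contract that paged_search() now depends on, that paged_results() has already called ldb_module_done() on every error return, is stated only in the comment at the call site in the last hunk and not on paged_results() itself. I would put it above the function as well: `/* ares may be NULL; on any error return ldb_module_done() has already been called for ac->req, so callers must not call it again */`. The body of paged_results() continues outside the hunks shown, and the error handling after the ldb_module_send_entry() call that ends the third hunk is not visible, so it is worth confirming that no path returns an error without completing the request, since such a path would now leave the request unfinished instead of completed twice. A regression test that drives paged_results() into LDB_ERR_TIME_LIMIT_EXCEEDED with ares == NULL would keep both the NULL dereference and the double completion from coming back.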