1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

s4:kdc: Check return value of samdb_result_dom_sid()

We should not pass a NULL pointer into dom_sid_split_rid().

Unlike samdb_result_dom_sid(), samdb_result_dom_sid_buf() produces an
error code on failure and does not require a heap allocation.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Joseph Sutton 2023-08-25 11:17:24 +12:00 committed by Andrew Bartlett
parent ba1750082a
commit 49b96243b5

View File

@ -750,7 +750,9 @@ int samba_krbtgt_is_in_db(struct samba_kdc_entry *p,
bool *is_trusted)
{
NTSTATUS status;
krb5_error_code ret;
int rodc_krbtgt_number, trust_direction;
struct dom_sid sid;
uint32_t rid;
TALLOC_CTX *mem_ctx = talloc_new(NULL);
@ -774,8 +776,12 @@ int samba_krbtgt_is_in_db(struct samba_kdc_entry *p,
/* The lack of password controls etc applies to krbtgt by
* virtue of being that particular RID */
status = dom_sid_split_rid(NULL, samdb_result_dom_sid(mem_ctx, p->msg, "objectSid"), NULL, &rid);
ret = samdb_result_dom_sid_buf(p->msg, "objectSid", &sid);
if (ret) {
return ret;
}
status = dom_sid_split_rid(NULL, &sid, NULL, &rid);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(mem_ctx);
return map_errno_from_nt_status(status);