1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00

libcli/security: simplify wire claim conversion mem, 1/3: avoid NULL parent

The reason for this, apart from weighing up possible over-allocations
vs realloc costs, is in the first iteration of the loop,

       claim_values = talloc_array(claims,

would allocate onto NULL, which leaks.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Douglas Bagnall 2023-11-22 14:39:49 +13:00 committed by Andrew Bartlett
parent a836ad1442
commit 7656d13334

View File

@ -711,6 +711,7 @@ NTSTATUS token_claims_to_claims_v1(TALLOC_CTX *mem_ctx,
TALLOC_CTX *tmp_ctx = NULL;
struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 *claims = NULL;
uint32_t n_claims = 0;
uint32_t expected_n_claims = 0;
uint32_t i;
if (out_claims == NULL) {
@ -732,6 +733,27 @@ NTSTATUS token_claims_to_claims_v1(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
/*
* The outgoing number of claims is (at most) the sum of the
* claims_counts of each claims_array.
*/
for (i = 0; i < claims_set->claims_array_count; ++i) {
uint32_t count = claims_set->claims_arrays[i].claims_count;
expected_n_claims += count;
if (expected_n_claims < count) {
return NT_STATUS_INVALID_PARAMETER;
}
}
claims = talloc_array(tmp_ctx,
struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1,
expected_n_claims);
if (claims == NULL) {
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
for (i = 0; i < claims_set->claims_array_count; ++i) {
const struct CLAIMS_ARRAY *claims_array = &claims_set->claims_arrays[i];
uint32_t j;
@ -905,15 +927,6 @@ NTSTATUS token_claims_to_claims_v1(TALLOC_CTX *mem_ctx,
continue;
}
claims = talloc_realloc(tmp_ctx,
claims,
struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1,
++n_claims);
if (claims == NULL) {
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
if (claim_entry->id != NULL) {
name = talloc_strdup(claims, claim_entry->id);
if (name == NULL) {
@ -922,13 +935,14 @@ NTSTATUS token_claims_to_claims_v1(TALLOC_CTX *mem_ctx,
}
}
claims[n_claims - 1] = (struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1) {
claims[n_claims] = (struct CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1) {
.name = name,
.value_type = value_type,
.flags = 0,
.value_count = n_values,
.values = claim_values,
};
n_claims++;
}
}