1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

s3: winbind: Remove fstring from wb_acct_info struct

The group enumeration backend functions try to allocate an array of
wb_acct_info structs with a number of elements equal to the number of
groups. In domains with a large number of groups this allocation may
fail due to the size of the chunk.

Found while trying to enumerate the groups in a domain with more than
700k groups.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Samuel Cabrero 2018-10-30 18:47:16 +01:00 committed by Jeremy Allison
parent 1b2de44ea8
commit 8d14714cc5
4 changed files with 22 additions and 14 deletions

View File

@ -189,8 +189,8 @@ struct winbindd_domain {
};
struct wb_acct_info {
fstring acct_name; /* account name */
fstring acct_desc; /* account name */
const char *acct_name; /* account name */
const char *acct_desc; /* account name */
uint32_t rid; /* domain-relative RID */
};

View File

@ -500,8 +500,8 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
struct dom_sid sid;
uint32_t rid;
name = ads_pull_username(ads, mem_ctx, msg);
gecos = ads_pull_string(ads, mem_ctx, msg, "name");
name = ads_pull_username(ads, (*info), msg);
gecos = ads_pull_string(ads, (*info), msg, "name");
if (!ads_pull_sid(ads, msg, "objectSid", &sid)) {
DEBUG(1,("No sid for %s !?\n", name));
continue;
@ -512,8 +512,8 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
continue;
}
fstrcpy((*info)[i].acct_name, name);
fstrcpy((*info)[i].acct_desc, gecos);
(*info)[i].acct_name = name;
(*info)[i].acct_desc = gecos;
(*info)[i].rid = rid;
i++;
}

View File

@ -1565,8 +1565,8 @@ do_fetch_cache:
smb_panic_fn("enum_dom_groups out of memory");
}
for (i=0; i<(*num_entries); i++) {
fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
(*info)[i].acct_name = centry_string(centry, (*info));
(*info)[i].acct_desc = centry_string(centry, (*info));
(*info)[i].rid = centry_uint32(centry);
}
@ -1660,8 +1660,8 @@ do_fetch_cache:
smb_panic_fn("enum_dom_groups out of memory");
}
for (i=0; i<(*num_entries); i++) {
fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
fstrcpy((*info)[i].acct_desc, centry_string(centry, mem_ctx));
(*info)[i].acct_name = centry_string(centry, (*info));
(*info)[i].acct_desc = centry_string(centry, (*info));
(*info)[i].rid = centry_uint32(centry);
}

View File

@ -155,9 +155,13 @@ NTSTATUS rpc_enum_dom_groups(TALLOC_CTX *mem_ctx,
for (g = 0; g < count; g++) {
struct wb_acct_info *i = &info[num_info + g];
fstrcpy(i->acct_name,
i->acct_name = talloc_strdup(info,
sam_array->entries[g].name.string);
fstrcpy(i->acct_desc, "");
if (i->acct_name == NULL) {
TALLOC_FREE(info);
return NT_STATUS_NO_MEMORY;
}
i->acct_desc = NULL;
i->rid = sam_array->entries[g].idx;
}
@ -217,9 +221,13 @@ NTSTATUS rpc_enum_local_groups(TALLOC_CTX *mem_ctx,
for (g = 0; g < count; g++) {
struct wb_acct_info *i = &info[num_info + g];
fstrcpy(i->acct_name,
i->acct_name = talloc_strdup(info,
sam_array->entries[g].name.string);
fstrcpy(i->acct_desc, "");
if (i->acct_name == NULL) {
TALLOC_FREE(info);
return NT_STATUS_NO_MEMORY;
}
i->acct_desc = NULL;
i->rid = sam_array->entries[g].idx;
}