lib/ldb-samba: Avoid talloc() in ldif_read_objectSid() by parsing the SID string on the stack

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

1 files changed, 23 insertions, 15 deletions

diff --git a/lib/ldb-samba/ldif_handlers.c b/lib/ldb-samba/ldif_handlers.c
index 510154d4aa0..591bd1ee217 100644
--- a/lib/ldb-samba/ldif_handlers.c
+++ b/lib/ldb-samba/ldif_handlers.c
@@ -85,24 +85,32 @@ static int ldif_write_NDR(struct ldb_context *ldb, void *mem_ctx,
 static int ldif_read_objectSid(struct ldb_context *ldb, void *mem_ctx,
 			       const struct ldb_val *in, struct ldb_val *out)
 {
+	bool ret;
 	enum ndr_err_code ndr_err;
-	struct dom_sid *sid;
-	sid = dom_sid_parse_length(mem_ctx, in);
-	if (sid == NULL) {
-		return -1;
-	}
-
-	*out = data_blob_talloc(mem_ctx, NULL,
-				ndr_size_dom_sid(sid, 0));
-	if (out->data == NULL) {
+	struct dom_sid sid;
+	if (in->length > DOM_SID_STR_BUFLEN) {
 		return -1;
-	}
+	} else {
+		char p[in->length+1];
+		memcpy(p, in->data, in->length);
+		p[in->length] = '\0';
+		
+		ret = dom_sid_parse(p, &sid);
+		if (ret == false) {
+			return -1;
+		}
+		
+		*out = data_blob_talloc(mem_ctx, NULL,
+					ndr_size_dom_sid(&sid, 0));
+		if (out->data == NULL) {
+			return -1;
+		}
 	
-	ndr_err = ndr_push_struct_into_fixed_blob(out, sid,
-			(ndr_push_flags_fn_t)ndr_push_dom_sid);
-	talloc_free(sid);
-	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-		return -1;
+		ndr_err = ndr_push_struct_into_fixed_blob(out, &sid,
+				(ndr_push_flags_fn_t)ndr_push_dom_sid);
+		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+			return -1;
+		}
 	}
 	return 0;
 }