diff options
| author | Stefan Metzmacher <metze@samba.org> | 2017-03-20 12:56:00 +0100 |
|---|---|---|
| committer | Ralph Boehme <slow@samba.org> | 2018-02-21 14:19:18 +0100 |
| commit | f6e60d2c2e1f0a4eb6426c7da683abaa11babd05 (patch) | |
| tree | a76f98f43be4c8174e5def296f51189320f61738 /source4 | |
| parent | 3909f8fcfe6b82575ad8974acacde3270ce849fe (diff) | |
| download | samba-f6e60d2c2e1f0a4eb6426c7da683abaa11babd05.tar.gz | |
s4:rpc_server/lsa: make sure dcesrv_lsa_LookupSids_common() gets prepared [ref] pointers
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Diffstat (limited to 'source4')
| -rw-r--r-- | source4/rpc_server/lsa/lsa_lookup.c | 34 |
1 files changed, 23 insertions, 11 deletions
diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c index d0361417ef9..c2931c182c4 100644 --- a/source4/rpc_server/lsa/lsa_lookup.c +++ b/source4/rpc_server/lsa/lsa_lookup.c @@ -596,13 +596,16 @@ static NTSTATUS dcesrv_lsa_LookupSids_common(struct dcesrv_call_state *dce_call, NTSTATUS status = NT_STATUS_OK; uint32_t i; + *r->out.domains = NULL; + r->out.names->count = 0; + r->out.names->names = NULL; + *r->out.count = 0; + if (r->in.level < LSA_LOOKUP_NAMES_ALL || r->in.level > LSA_LOOKUP_NAMES_RODC_REFERRAL_TO_FULL_DC) { return NT_STATUS_INVALID_PARAMETER; } - *r->out.domains = NULL; - /* NOTE: the WSPP test suite tries SIDs with invalid revision numbers, and expects NT_STATUS_INVALID_PARAMETER back - we just treat it as an unknown SID. We could add a SID validator here. (tridge) @@ -615,13 +618,6 @@ static NTSTATUS dcesrv_lsa_LookupSids_common(struct dcesrv_call_state *dce_call, } *r->out.domains = domains; - r->out.names = talloc_zero(mem_ctx, struct lsa_TransNameArray2); - if (r->out.names == NULL) { - return NT_STATUS_NO_MEMORY; - } - - *r->out.count = 0; - r->out.names->names = talloc_array(r->out.names, struct lsa_TranslatedName2, r->in.sids->num_sids); if (r->out.names->names == NULL) { @@ -739,6 +735,11 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call, DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED); } + *r->out.domains = NULL; + r->out.names->count = 0; + r->out.names->names = NULL; + *r->out.count = 0; + status = dcesrv_lsa_get_policy_state(dce_call, mem_ctx, 0, /* we skip access checks */ &policy_state); @@ -790,17 +791,28 @@ NTSTATUS dcesrv_lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED); } + *r->out.domains = NULL; + r->out.names->count = 0; + r->out.names->names = NULL; + *r->out.count = 0; + ZERO_STRUCT(r2); r2.in.handle = r->in.handle; r2.in.sids = r->in.sids; - r2.in.names = NULL; + r2.in.names = talloc_zero(mem_ctx, struct lsa_TransNameArray2); + if (r2.in.names == NULL) { + return NT_STATUS_NO_MEMORY; + } r2.in.level = r->in.level; r2.in.count = r->in.count; r2.in.lookup_options = LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES; r2.in.client_revision = LSA_CLIENT_REVISION_1; r2.out.count = r->out.count; - r2.out.names = NULL; + r2.out.names = talloc_zero(mem_ctx, struct lsa_TransNameArray2); + if (r2.out.names == NULL) { + return NT_STATUS_NO_MEMORY; + } r2.out.domains = r->out.domains; status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2); |