From 42768011c543f086307f9b022e3bde961420debc Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 20 Mar 2017 12:56:00 +0100
Subject: s4:rpc_server/lsa: simplify [ref] pointer handling in
 dcesrv_lsa_LookupSids()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 5d868fd875803e361653ccca4e61c5c25dc114aa)
---
 source4/rpc_server/lsa/lsa_lookup.c | 27 ++++++++++-----------------
 1 file changed, 10 insertions(+), 17 deletions(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c
index a8a136b1266..400b5214a1a 100644
--- a/source4/rpc_server/lsa/lsa_lookup.c
+++ b/source4/rpc_server/lsa/lsa_lookup.c
@@ -793,6 +793,13 @@ NTSTATUS dcesrv_lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
 	r->out.names->names = NULL;
 	*r->out.count = 0;
 
+	r->out.names->names = talloc_zero_array(r->out.names,
+						struct lsa_TranslatedName,
+						r->in.sids->num_sids);
+	if (r->out.names->names == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
 	ZERO_STRUCT(r2);
 
 	r2.in.handle   = r->in.handle;
@@ -816,27 +823,13 @@ NTSTATUS dcesrv_lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
 	/* we deliberately don't check for error from the above,
 	   as even on error we are supposed to return the names  */
 
-	r->out.domains = r2.out.domains;
-	if (!r2.out.names) {
-		r->out.names = NULL;
-		return status;
-	}
-
-	r->out.names = talloc(mem_ctx, struct lsa_TransNameArray);
-	if (r->out.names == NULL) {
-		return NT_STATUS_NO_MEMORY;
-	}
-	r->out.names->count = r2.out.names->count;
-	r->out.names->names = talloc_array(r->out.names, struct lsa_TranslatedName, 
-					     r->out.names->count);
-	if (r->out.names->names == NULL) {
-		return NT_STATUS_NO_MEMORY;
-	}
-	for (i=0;i<r->out.names->count;i++) {
+	SMB_ASSERT(r2.out.names->count <= r->in.sids->num_sids);
+	for (i=0;i<r2.out.names->count;i++) {
 		r->out.names->names[i].sid_type    = r2.out.names->names[i].sid_type;
 		r->out.names->names[i].name.string = r2.out.names->names[i].name.string;
 		r->out.names->names[i].sid_index   = r2.out.names->names[i].sid_index;
 	}
+	r->out.names->count = r2.out.names->count;
 
 	return status;
 }
-- 
cgit v1.2.1