The Samba-Bugzilla – Attachment 2740 Details for
Bug 4683
Policy not found and crash smbd in api_lsa_lookup_sids()
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
look (text/plain), 7.42 KB, created by
Jeremy Allison
on 2007-06-08 19:16:51 UTC
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2007-06-08 19:16:51 UTC
Size:
7.42 KB
patch
obsolete
>Index: rpc_client/cli_lsarpc.c >=================================================================== >--- rpc_client/cli_lsarpc.c (revision 23397) >+++ rpc_client/cli_lsarpc.c (working copy) >@@ -181,7 +181,6 @@ > LSA_Q_LOOKUP_SIDS q; > LSA_R_LOOKUP_SIDS r; > DOM_R_REF ref; >- LSA_TRANS_NAME_ENUM t_names; > NTSTATUS result = NT_STATUS_OK; > int i; > >@@ -191,10 +190,8 @@ > init_q_lookup_sids(mem_ctx, &q, pol, num_sids, sids, 1); > > ZERO_STRUCT(ref); >- ZERO_STRUCT(t_names); > > r.dom_ref = &ref; >- r.names = &t_names; > > CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPSIDS, > q, r, >@@ -245,7 +242,7 @@ > > for (i = 0; i < num_sids; i++) { > fstring name, dom_name; >- uint32 dom_idx = t_names.name[i].domain_idx; >+ uint32 dom_idx = r.names.name[i].domain_idx; > > /* Translate optimised name through domain index array */ > >@@ -254,11 +251,11 @@ > rpcstr_pull_unistr2_fstring( > dom_name, &ref.ref_dom[dom_idx].uni_dom_name); > rpcstr_pull_unistr2_fstring( >- name, &t_names.uni_name[i]); >+ name, &r.names.uni_name[i]); > > (*names)[i] = talloc_strdup(mem_ctx, name); > (*domains)[i] = talloc_strdup(mem_ctx, dom_name); >- (*types)[i] = t_names.name[i].sid_name_use; >+ (*types)[i] = r.names.name[i].sid_name_use; > > if (((*names)[i] == NULL) || ((*domains)[i] == NULL)) { > DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); >Index: rpc_server/srv_lsa_nt.c >=================================================================== >--- rpc_server/srv_lsa_nt.c (revision 23397) >+++ rpc_server/srv_lsa_nt.c (working copy) >@@ -380,12 +380,10 @@ > > static void init_reply_lookup_sids2(LSA_R_LOOKUP_SIDS2 *r_l, > DOM_R_REF *ref, >- LSA_TRANS_NAME_ENUM2 *names, > uint32 mapped_count) > { > r_l->ptr_dom_ref = ref ? 1 : 0; > r_l->dom_ref = ref; >- r_l->names = names; > r_l->mapped_count = mapped_count; > } > >@@ -395,12 +393,10 @@ > > static void init_reply_lookup_sids3(LSA_R_LOOKUP_SIDS3 *r_l, > DOM_R_REF *ref, >- LSA_TRANS_NAME_ENUM2 *names, > uint32 mapped_count) > { > r_l->ptr_dom_ref = ref ? 1 : 0; > r_l->dom_ref = ref; >- r_l->names = names; > r_l->mapped_count = mapped_count; > } > >@@ -414,12 +410,8 @@ > LSA_TRANS_NAME_ENUM2 *names, > uint32 mapped_count) > { >- LSA_TRANS_NAME_ENUM *oldnames = TALLOC_ZERO_P(mem_ctx, LSA_TRANS_NAME_ENUM); >+ LSA_TRANS_NAME_ENUM *oldnames = &r_l->names; > >- if (!oldnames) { >- return NT_STATUS_NO_MEMORY; >- } >- > oldnames->num_entries = names->num_entries; > oldnames->ptr_trans_names = names->ptr_trans_names; > oldnames->num_entries2 = names->num_entries2; >@@ -442,7 +434,6 @@ > > r_l->ptr_dom_ref = ref ? 1 : 0; > r_l->dom_ref = ref; >- r_l->names = oldnames; > r_l->mapped_count = mapped_count; > return NT_STATUS_OK; > } >@@ -811,13 +802,12 @@ > int num_sids, /* input */ > const DOM_SID2 *sid, /* input */ > DOM_R_REF **pp_ref, /* output */ >- LSA_TRANS_NAME_ENUM2 **pp_names, /* output */ >+ LSA_TRANS_NAME_ENUM2 *names, /* input/output */ > uint32 *pp_mapped_count) > { > NTSTATUS status; > int i; > const DOM_SID **sids = NULL; >- LSA_TRANS_NAME_ENUM2 *names = NULL; > DOM_R_REF *ref = NULL; > uint32 mapped_count = 0; > struct lsa_dom_info *dom_infos = NULL; >@@ -825,17 +815,16 @@ > > *pp_mapped_count = 0; > *pp_ref = NULL; >- *pp_names = NULL; >+ ZERO_STRUCTP(names); > > if (num_sids == 0) { > return NT_STATUS_OK; > } > >- names = TALLOC_ZERO_P(p->mem_ctx, LSA_TRANS_NAME_ENUM2); > sids = TALLOC_ARRAY(p->mem_ctx, const DOM_SID *, num_sids); > ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF); > >- if (sids == NULL || names == NULL || ref == NULL) { >+ if (sids == NULL || ref == NULL) { > return NT_STATUS_NO_MEMORY; > } > >@@ -903,7 +892,6 @@ > > *pp_mapped_count = mapped_count; > *pp_ref = ref; >- *pp_names = names; > > return status; > } >@@ -920,7 +908,7 @@ > int num_sids = q_u->sids.num_entries; > uint32 mapped_count = 0; > DOM_R_REF *ref = NULL; >- LSA_TRANS_NAME_ENUM2 *names = NULL; >+ LSA_TRANS_NAME_ENUM2 names; > NTSTATUS status; > > if ((q_u->level < 1) || (q_u->level > 6)) { >@@ -952,7 +940,7 @@ > > /* Convert from LSA_TRANS_NAME_ENUM2 to LSA_TRANS_NAME_ENUM */ > >- status = init_reply_lookup_sids(p->mem_ctx, r_u, ref, names, mapped_count); >+ status = init_reply_lookup_sids(p->mem_ctx, r_u, ref, &names, mapped_count); > if (!NT_STATUS_IS_OK(status)) { > return status; > } >@@ -971,7 +959,6 @@ > int num_sids = q_u->sids.num_entries; > uint32 mapped_count = 0; > DOM_R_REF *ref = NULL; >- LSA_TRANS_NAME_ENUM2 *names = NULL; > > if ((q_u->level < 1) || (q_u->level > 6)) { > return NT_STATUS_INVALID_PARAMETER; >@@ -997,10 +984,10 @@ > num_sids, > q_u->sids.sid, > &ref, >- &names, >+ &r_u->names, > &mapped_count); > >- init_reply_lookup_sids2(r_u, ref, names, mapped_count); >+ init_reply_lookup_sids2(r_u, ref, mapped_count); > return r_u->status; > } > >@@ -1015,7 +1002,6 @@ > int num_sids = q_u->sids.num_entries; > uint32 mapped_count = 0; > DOM_R_REF *ref = NULL; >- LSA_TRANS_NAME_ENUM2 *names = NULL; > > if ((q_u->level < 1) || (q_u->level > 6)) { > return NT_STATUS_INVALID_PARAMETER; >@@ -1039,10 +1025,10 @@ > num_sids, > q_u->sids.sid, > &ref, >- &names, >+ &r_u->names, > &mapped_count); > >- init_reply_lookup_sids3(r_u, ref, names, mapped_count); >+ init_reply_lookup_sids3(r_u, ref, mapped_count); > return r_u->status; > } > >Index: rpc_parse/parse_lsa.c >=================================================================== >--- rpc_parse/parse_lsa.c (revision 23397) >+++ rpc_parse/parse_lsa.c (working copy) >@@ -1476,7 +1476,7 @@ > if(!lsa_io_dom_r_ref ("dom_ref", r_s->dom_ref, ps, depth)) /* domain reference info */ > return False; > >- if(!lsa_io_trans_names("names ", r_s->names, ps, depth)) /* translated names */ >+ if(!lsa_io_trans_names("names ", &r_s->names, ps, depth)) /* translated names */ > return False; > > if(!prs_align(ps)) >@@ -1511,7 +1511,7 @@ > if(!lsa_io_dom_r_ref ("dom_ref", r_s->dom_ref, ps, depth)) /* domain reference info */ > return False; > >- if(!lsa_io_trans_names2("names ", r_s->names, ps, depth)) /* translated names */ >+ if(!lsa_io_trans_names2("names ", &r_s->names, ps, depth)) /* translated names */ > return False; > > if(!prs_align(ps)) >@@ -1547,7 +1547,7 @@ > if(!lsa_io_dom_r_ref ("dom_ref", r_s->dom_ref, ps, depth)) /* domain reference info */ > return False; > >- if(!lsa_io_trans_names2("names ", r_s->names, ps, depth)) /* translated names */ >+ if(!lsa_io_trans_names2("names ", &r_s->names, ps, depth)) /* translated names */ > return False; > > if(!prs_align(ps)) >Index: include/rpc_lsa.h >=================================================================== >--- include/rpc_lsa.h (revision 23397) >+++ include/rpc_lsa.h (working copy) >@@ -515,7 +515,7 @@ > uint32 ptr_dom_ref; > DOM_R_REF *dom_ref; /* domain reference info */ > >- LSA_TRANS_NAME_ENUM *names; >+ LSA_TRANS_NAME_ENUM names; > uint32 mapped_count; > > NTSTATUS status; /* return code */ >@@ -541,7 +541,7 @@ > uint32 ptr_dom_ref; > DOM_R_REF *dom_ref; /* domain reference info */ > >- LSA_TRANS_NAME_ENUM2 *names; >+ LSA_TRANS_NAME_ENUM2 names; > uint32 mapped_count; > > NTSTATUS status; /* return code */ >@@ -566,7 +566,7 @@ > uint32 ptr_dom_ref; > DOM_R_REF *dom_ref; /* domain reference info */ > >- LSA_TRANS_NAME_ENUM2 *names; >+ LSA_TRANS_NAME_ENUM2 names; > uint32 mapped_count; > > NTSTATUS status; /* return code */
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2740">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 4683
:
2735
|
2736
|
2737
|
2738
|
2739
| 2740 |
2741
|
2742