ldb: Explain why this use of talloc_memdup() is safe

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>

diff --git a/lib/ldb/common/ldb_dn.c b/lib/ldb/common/ldb_dn.c
index 1e83f5a6a8132c197f2a3b5b4d684a19bbcc9652..a912fdb2a7337f68c21f00b7ea31ab39e06a1130 100644 (file)
--- a/lib/ldb/common/ldb_dn.c
+++ b/lib/ldb/common/ldb_dn.c
@@ -586,6 +586,12 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
 
                                p++;
                                *d++ = '\0';
+
+                               /*
+                                * This talloc_memdup() is OK with the
+                                * +1 because *d has been set to '\0'
+                                * just above
+                                */
                                dn->components[dn->comp_num].value.data = \
                                        (uint8_t *)talloc_memdup(dn->components, dt, l + 1);
                                dn->components[dn->comp_num].value.length = l;
@@ -708,6 +714,11 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
        }
 
        *d++ = '\0';
+       /*
+        * This talloc_memdup() is OK with the
+        * +1 because *d has been set to '\0'
+        * just above.
+        */
        dn->components[dn->comp_num].value.length = l;
        dn->components[dn->comp_num].value.data =
                (uint8_t *)talloc_memdup(dn->components, dt, l + 1);