git.samba.org / obnox / samba / samba-obnox.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e93affb)
winbindd: Do not use user_list->out.resume_index after free
authorAndrew Bartlett <abartlet@samba.org>
Tue, 2 Sep 2014 05:03:34 +0000 (17:03 +1200)
committerAndrew Bartlett <abartlet@samba.org>
Mon, 8 Sep 2014 05:26:34 +0000 (07:26 +0200)
Found by AddressSanitizer

Change-Id: I9f8b95b65de788994a7404fa8889fce45ccb3a30
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
source4/winbind/wb_cmd_setpwent.c patch | blob | history

diff --git a/source4/winbind/wb_cmd_setpwent.c b/source4/winbind/wb_cmd_setpwent.c
index 8164d6f19987dd601548739c7e2e7cab11e8457b..ab9fd2ef949182cc20f6b2b018650b01cab1030a 100644 (file)
--- a/source4/winbind/wb_cmd_setpwent.c
+++ b/source4/winbind/wb_cmd_setpwent.c
@@ -115,6 +115,9 @@ static void cmd_setpwent_recv_user_list(struct composite_context *ctx)
                                                  user_list);
        if (NT_STATUS_IS_OK(state->ctx->status) ||
                NT_STATUS_EQUAL(state->ctx->status, STATUS_MORE_ENTRIES)) {
+
+               uint32_t resume_index = user_list->out.resume_index;
+
                if (state->result->page_index == -1) { /* First run*/
                        state->result->user_list = user_list;
                        state->result->page_index = 0;
@@ -133,7 +136,7 @@ static void cmd_setpwent_recv_user_list(struct composite_context *ctx)
                                        = talloc_strdup(state->result, user_list->out.users[i].username);
                        }
                        state->result->user_list->out.count = cnt;
-                       talloc_free(user_list);
+                       TALLOC_FREE(user_list);
                }
 
                if (NT_STATUS_IS_OK(state->ctx->status) ) {
@@ -142,7 +145,7 @@ static void cmd_setpwent_recv_user_list(struct composite_context *ctx)
                        user_list_send = talloc(state->result, struct libnet_UserList);
                        if (composite_nomem(user_list_send, state->ctx)) return;
                        user_list_send->in.domain_name =  talloc_strdup(state, state->domain_name);
-                       user_list_send->in.resume_index = user_list->out.resume_index;
+                       user_list_send->in.resume_index = resume_index;
                        user_list_send->in.page_size = 128;
                        ctx = libnet_UserList_send(state->libnet_ctx, state->result, user_list_send, NULL);
                        composite_continue(state->ctx, ctx, cmd_setpwent_recv_user_list, state);
Michael's Samba GIT