s4:rpc_server/lsa: make sure dcesrv_lsa_LookupSids_common() gets prepared [ref] pointers
authorStefan Metzmacher <metze@samba.org>
Mon, 20 Mar 2017 11:56:00 +0000 (12:56 +0100)
committerRalph Boehme <slow@samba.org>
Wed, 21 Feb 2018 13:19:18 +0000 (14:19 +0100)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
source4/rpc_server/lsa/lsa_lookup.c

index d0361417ef9440da41c93cddc6d6467e139095a4..c2931c182c4aa428e7c1e8ff201c91da8e420ca8 100644 (file)
@@ -596,13 +596,16 @@ static NTSTATUS dcesrv_lsa_LookupSids_common(struct dcesrv_call_state *dce_call,
        NTSTATUS status = NT_STATUS_OK;
        uint32_t i;
 
+       *r->out.domains = NULL;
+       r->out.names->count = 0;
+       r->out.names->names = NULL;
+       *r->out.count = 0;
+
        if (r->in.level < LSA_LOOKUP_NAMES_ALL ||
            r->in.level > LSA_LOOKUP_NAMES_RODC_REFERRAL_TO_FULL_DC) {
                return NT_STATUS_INVALID_PARAMETER;
        }
 
-       *r->out.domains = NULL;
-
        /* NOTE: the WSPP test suite tries SIDs with invalid revision numbers,
           and expects NT_STATUS_INVALID_PARAMETER back - we just treat it as 
           an unknown SID. We could add a SID validator here. (tridge) 
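Review bot: The four reset lines added at the top of dcesrv_lsa_LookupSids_common() dereference r->out.domains, r->out.names and r->out.count with no NULL check, so the function now depends on every caller passing prepared pointers, and nothing at the definition says so. I would put a comment above the resets, e.g. `/* callers must pass valid [ref] out pointers; reset them first so every error return leaves empty, consistent results */`. The same four lines are repeated in dcesrv_lsa_LookupSids3() and dcesrv_lsa_LookupSids() in the later hunks; a small static helper would keep the three copies from drifting apart. The function body starts and ends outside this hunk.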
@@ -615,13 +618,6 @@ static NTSTATUS dcesrv_lsa_LookupSids_common(struct dcesrv_call_state *dce_call,
        }
        *r->out.domains = domains;
 
-       r->out.names = talloc_zero(mem_ctx,  struct lsa_TransNameArray2);
-       if (r->out.names == NULL) {
-               return NT_STATUS_NO_MEMORY;
-       }
-
-       *r->out.count = 0;
-
        r->out.names->names = talloc_array(r->out.names, struct lsa_TranslatedName2, 
                                             r->in.sids->num_sids);
        if (r->out.names->names == NULL) {
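Review bot: With the talloc_zero() removed, `talloc_array(r->out.names, ...)` uses the caller-supplied r->out.names as the talloc parent, so that pointer must itself be a talloc allocation and not a stack or embedded struct. That requirement is only implicit; a one-line comment here such as `/* r->out.names is caller-provided and must be a talloc context */` would make it visible. The array length comes from r->in.sids->num_sids, and this hunk does not show whether that value is bounded before this point. The function continues outside the hunk.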
@@ -739,6 +735,11 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call,
                DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
        }
 
+       *r->out.domains = NULL;
+       r->out.names->count = 0;
+       r->out.names->names = NULL;
+       *r->out.count = 0;
+
        status = dcesrv_lsa_get_policy_state(dce_call, mem_ctx,
                                             0, /* we skip access checks */
                                             &policy_state);
@@ -790,17 +791,28 @@ NTSTATUS dcesrv_lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
                DCESRV_FAULT(DCERPC_FAULT_ACCESS_DENIED);
        }
 
+       *r->out.domains = NULL;
+       r->out.names->count = 0;
+       r->out.names->names = NULL;
+       *r->out.count = 0;
+
        ZERO_STRUCT(r2);
 
        r2.in.handle   = r->in.handle;
        r2.in.sids     = r->in.sids;
-       r2.in.names    = NULL;
+       r2.in.names    = talloc_zero(mem_ctx, struct lsa_TransNameArray2);
+       if (r2.in.names == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
        r2.in.level    = r->in.level;
        r2.in.count    = r->in.count;
        r2.in.lookup_options = LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES;
        r2.in.client_revision = LSA_CLIENT_REVISION_1;
        r2.out.count   = r->out.count;
-       r2.out.names   = NULL;
+       r2.out.names   = talloc_zero(mem_ctx, struct lsa_TransNameArray2);
+       if (r2.out.names == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
        r2.out.domains = r->out.domains;
 
        status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2);
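Review bot: The two talloc_zero() calls that replace the NULL assignments to r2.in.names and r2.out.names carry no explanation of why the callee needs allocated structures. A short comment before the first allocation, e.g. `/* LookupSids2 expects prepared [ref] pointers, as the NDR layer would provide */`, would stop a later cleanup from reverting them to NULL. Assuming dcesrv_lsa_LookupSids2() ends up in dcesrv_lsa_LookupSids_common(), such a revert would make the unconditional resets at the top of that function a NULL dereference. The results in r2.out.names are presumably copied into r->out.names after the call, outside this hunk.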