s4:kdc: Don’t corrupt domain groups structure if talloc_realloc() fails

Introduce a temporary variable instead of assigning the result of
talloc_realloc() directly to samr_RidWithAttributeArray::rids. In this
way we avoid having a structure with a non‐zero ‘count’ but with ‘rids’
set to the NULL pointer.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 8b6d4639cf6fb45ae7144c9ef25963e9557b7d41..b408e2e8efe9feb233f82273e71a61dc36c40a62 100644 (file)
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -1715,6 +1715,7 @@ static krb5_error_code samba_kdc_add_domain_group_sid(struct PAC_DEVICE_INFO *in
        NTSTATUS status;
 
        struct PAC_DOMAIN_GROUP_MEMBERSHIP *domain_group = NULL;
+       struct samr_RidWithAttribute *rids = NULL;
 
        for (i = 0; i < info->domain_group_count; ++i) {
                struct PAC_DOMAIN_GROUP_MEMBERSHIP *this_domain_group
@@ -1727,19 +1728,23 @@ static krb5_error_code samba_kdc_add_domain_group_sid(struct PAC_DEVICE_INFO *in
        }
 
        if (domain_group == NULL) {
+               struct PAC_DOMAIN_GROUP_MEMBERSHIP *domain_groups = NULL;
+
                if (info->domain_group_count == UINT32_MAX) {
                        return EINVAL;
                }
 
-               info->domain_groups = talloc_realloc(
+               domain_groups = talloc_realloc(
                        info,
                        info->domain_groups,
                        struct PAC_DOMAIN_GROUP_MEMBERSHIP,
                        info->domain_group_count + 1);
-               if (info->domain_groups == NULL) {
+               if (domain_groups == NULL) {
                        return ENOMEM;
                }
 
+               info->domain_groups = domain_groups;
+
                domain_group = &info->domain_groups[
                        info->domain_group_count++];
 
@@ -1769,14 +1774,16 @@ static krb5_error_code samba_kdc_add_domain_group_sid(struct PAC_DEVICE_INFO *in
                return EINVAL;
        }
 
-       domain_group->groups.rids = talloc_realloc(info->domain_groups,
-                                                  domain_group->groups.rids,
-                                                  struct samr_RidWithAttribute,
-                                                  domain_group->groups.count + 1);
-       if (domain_group->groups.rids == NULL) {
+       rids = talloc_realloc(info->domain_groups,
+                             domain_group->groups.rids,
+                             struct samr_RidWithAttribute,
+                             domain_group->groups.count + 1);
+       if (rids == NULL) {
                return ENOMEM;
        }
 
+       domain_group->groups.rids = rids;
+
        domain_group->groups.rids[domain_group->groups.count].rid = rid;
        domain_group->groups.rids[domain_group->groups.count].attributes = sid->attributes;