winbindd: Ensure we do not look at rid_array before checking if it was returned
author Andrew Bartlett <abartlet@samba.org>
Fri, 28 Mar 2014 03:30:28 +0000 (16:30 +1300)
committer Karolin Seeger <kseeger@samba.org>
Tue, 10 Jun 2014 11:08:54 +0000 (13:08 +0200)
We no longer return early if there are no members, we just return an empty array.

Fixes bug #10627 - rid_array used before status checked - segmentation fault due to null pointer dereference

https://bugzilla.samba.org/show_bug.cgi?id=10627

Change-Id: I7b0949e0c0b9277426a8007514a8658615f6c709
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-1-test): Tue Jun 10 13:08:54 CEST 2014 on sn-devel-104

source3/winbindd/winbindd_rpc.c

index 0986d825d9aa4fd19b7bbb50fb270fdecd97407a..148683f73b4378da6d19c550600d4ffa796ca0b2 100644 (file)
@@ -580,8 +580,6 @@ NTSTATUS rpc_lookup_usergroups(TALLOC_CTX *mem_ctx,
                                              &user_policy,
                                              &rid_array,
                                              &result);
-       num_groups = rid_array->count;
-
        {
                NTSTATUS _result;
                dcerpc_samr_Close(b, mem_ctx, &user_policy, &_result);
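Review bot: with the `num_groups = rid_array->count;` line removed at the top of this hunk, num_groups holds no value through the dcerpc_samr_Close block and the early returns that follow. Its declaration is not visible here, so please confirm it is initialised or is never read on those paths, for example if it is copied to an output parameter on exit. Separately, the return value of dcerpc_samr_Close is discarded in the context lines; a short comment would help if that is intentional.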
@@ -590,10 +588,12 @@ NTSTATUS rpc_lookup_usergroups(TALLOC_CTX *mem_ctx,
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
-       if (!NT_STATUS_IS_OK(result) || num_groups == 0) {
+       if (!NT_STATUS_IS_OK(result)) {
                return result;
        }
 
+       num_groups = rid_array->count;
+
        user_grpsids = talloc_array(mem_ctx, struct dom_sid, num_groups);
        if (user_grpsids == NULL) {
                status = NT_STATUS_NO_MEMORY;
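Review bot: dropping `num_groups == 0` from the early return means `talloc_array(mem_ctx, struct dom_sid, num_groups)` is now reached with a count of 0, so the `user_grpsids == NULL` check directly below must not fire in that case, or a user with no groups turns into NT_STATUS_NO_MEMORY instead of the empty array the commit message describes. Please confirm that and consider a test for the zero-group case. The moved `num_groups = rid_array->count;` also still assumes that an OK `result` implies a non-NULL rid_array. An explicit `rid_array == NULL` check before the dereference would stop that from depending on what the remote server returned.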