Don't segfault on invalid objectClass input.
authorAndrew Bartlett <abartlet@samba.org>
Wed, 12 Mar 2008 23:27:09 +0000 (10:27 +1100)
committerAndrew Bartlett <abartlet@samba.org>
Wed, 12 Mar 2008 23:27:09 +0000 (10:27 +1100)
If the objectClass found does not include a defaultSecurityDescriptor,
then we should not segfault in the SDDL parser.

Andrew Bartlett
(This used to be commit 5a92771fb55149fcf24f21f30e4c6a622bef44f8)

source4/dsdb/samdb/ldb_modules/objectclass.c

index e63ad4de56b8e392a1bd9e5f1f88fc2d20f7d40a..537a56045d24af0003288023496469edd37d01b1 100644 (file)
@@ -257,12 +257,17 @@ static DATA_BLOB *get_sd(struct ldb_module *module, TALLOC_CTX *mem_ctx,
        DATA_BLOB *linear_sd;
        struct auth_session_info *session_info
                = ldb_get_opaque(module->ldb, "sessionInfo");
-       struct security_descriptor *sd
-               = sddl_decode(mem_ctx, 
-                             objectclass->defaultSecurityDescriptor,
-                             samdb_domain_sid(module->ldb));
+       struct security_descriptor *sd;
 
-       if (!session_info || !session_info->security_token) {
+       if (!objectclass->defaultSecurityDescriptor) {
+               return NULL;
+       }
+       
+       sd = sddl_decode(mem_ctx, 
+                        objectclass->defaultSecurityDescriptor,
+                        samdb_domain_sid(module->ldb));
+
+       if (!sd || !session_info || !session_info->security_token) {
                return NULL;
        }
        
@@ -538,7 +543,9 @@ static int objectclass_do_add(struct ldb_handle *h)
                                }
                                if (!ldb_msg_find_element(msg, "nTSecurityDescriptor")) {
                                        DATA_BLOB *sd = get_sd(ac->module, mem_ctx, current->objectclass);
-                                       ldb_msg_add_steal_value(msg, "nTSecurityDescriptor", sd);
+                                       if (sd) {
+                                               ldb_msg_add_steal_value(msg, "nTSecurityDescriptor", sd);
+                                       }
                                }
                        }
                }