r13606: An attempt to fix #3525.
authorAndrew Bartlett <abartlet@samba.org>
Wed, 22 Feb 2006 00:26:56 +0000 (00:26 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:51:59 +0000 (13:51 -0500)
The problem was that the supportedControls were being stolen into the
result sent to the client, then talloc_free()ed.  This caused them to
be invalid on the next rootDSE query.

This also tries to avoid attaching the result to the long-term samdb
context, and avoids an extra loop in the result processing (pointed
out by tridge).

Andrew BARtlett

source/dsdb/samdb/ldb_modules/rootdse.c
source/ldap_server/ldap_backend.c

index 5f5b362c536a0c2fd9a3662a88b1e9f161e43bdd..96236301b05638714d32d417bec8398b69846bbd 100644 (file)
@@ -73,8 +73,12 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_request *re
        if (do_attribute(s->attrs, "supportedControl")) {
                int i;
                for (i = 0; i < priv->num_controls; i++) {
+                       char *control = talloc_strdup(msg, priv->controls[i]);
+                       if (!control) {
+                               goto failed;
+                       }
                        if (ldb_msg_add_string(msg, "supportedControl",
-                                               priv->controls[i]) != 0) {
+                                              control) != 0) {
                                goto failed;
                        }
                }
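Review bot: The new `talloc_strdup(msg, priv->controls[i])` carries no comment saying why a copy is needed, and the loop itself does not make the reason obvious. I would add above it `/* copy onto msg: consumers may steal result values, so the module's own priv->controls strings must never be handed out directly */`. Without that, a later cleanup could drop the copy as redundant and reintroduce the dangling supportedControl values described in the commit message. rootdse_add_dynamic starts and ends outside the hunk.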
index 37e45ce3e6531d2b493a0866b44ff622c5cb50b4..1399ac18e48fff30cb3caa08ab79d424768845e9 100644 (file)
@@ -153,7 +153,7 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
        struct ldap_Result *done;
        struct ldapsrv_reply *ent_r, *done_r;
        void *local_ctx;
-       struct ldb_context *samdb = call->conn->ldb;
+       struct ldb_context *samdb = talloc_get_type(call->conn->ldb, struct ldb_context);
        struct ldb_dn *basedn;
        struct ldb_result *res = NULL;
        struct ldb_request lreq;
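Review bot: `talloc_get_type()` returns NULL when the pointer's talloc name does not match the requested type, and nothing visible in this hunk checks `samdb` before it is passed to `ldb_request(samdb, &lreq)` further down. After the declarations I would add `if (samdb == NULL) { return NT_STATUS_INTERNAL_ERROR; }`, so a mis-typed connection handle fails the request cleanly instead of reaching a NULL dereference in a network-facing path. The function body continues outside the hunk, so an existing check elsewhere cannot be ruled out.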
@@ -163,13 +163,13 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
        int success_limit = 1;
        int result = LDAP_SUCCESS;
        int ldb_ret;
-       int i, j, y;
+       int i, j;
 
        DEBUG(10, ("SearchRequest"));
        DEBUGADD(10, (" basedn: %s", req->basedn));
        DEBUGADD(10, (" filter: %s\n", ldb_filter_from_tree(call, req->tree)));
 
-       local_ctx = talloc_named(call, 0, "sldb_Search local memory context");
+       local_ctx = talloc_new(call);
        NT_STATUS_HAVE_NO_MEMORY(local_ctx);
 
        basedn = ldb_dn_explode(local_ctx, req->basedn);
@@ -228,7 +228,8 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
 
        ldb_ret = ldb_request(samdb, &lreq);
 
-       res = talloc_steal(samdb, lreq.op.search.res);
+       /* Ensure we don't keep the search results around for too long */
+       res = talloc_steal(local_ctx, lreq.op.search.res);
 
        if (ldb_ret == LDB_SUCCESS) {
                for (i = 0; i < res->count; i++) {
@@ -253,14 +254,8 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
                                        continue;
                                }
                                ent->attributes[j].num_values = res->msgs[i]->elements[j].num_values;
-                               ent->attributes[j].values = talloc_array(ent->attributes,
-                                                               DATA_BLOB, ent->attributes[j].num_values);
-                               NT_STATUS_HAVE_NO_MEMORY(ent->attributes[j].values);
-                               for (y=0; y < ent->attributes[j].num_values; y++) {
-                                       ent->attributes[j].values[y].length = res->msgs[i]->elements[j].values[y].length;
-                                       ent->attributes[j].values[y].data = talloc_steal(ent->attributes[j].values,
-                                                                               res->msgs[i]->elements[j].values[y].data);
-                               }
+                               ent->attributes[j].values = res->msgs[i]->elements[j].values;
+                               talloc_steal(ent->attributes, res->msgs[i]->elements[j].values);
                        }
 queue_reply:
                        ldapsrv_queue_reply(call, ent_r);
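Review bot: The replacement steals only the `values` array onto `ent->attributes`, whereas the removed loop also moved every `values[y].data` buffer, so the reply now depends on each data buffer being a talloc child of that array. The visible code does not guarantee this: the rootdse.c hunk in this same commit allocates the supportedControl string on `msg`, and `res` is now parented on `local_ctx`, so if `local_ctx` is freed before the queued reply is encoded (not visible here) the reply would point at freed memory. A cheaper fix than restoring the loop would be to move the whole message, e.g. `talloc_steal(ent_r, res->msgs[i]);`, before `queue_reply:`. The same concern applies to the `reply:` hunk, where `talloc_steal(done_r, res->controls)` moves the controls array but not the control structures it points to. The loop body starts outside this hunk.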
@@ -287,6 +282,7 @@ reply:
                }
                if (res->controls) {
                        done_r->msg->controls = (struct ldap_Control **)(res->controls);
+                       talloc_steal(done_r, res->controls);
                }
        } else {
                DEBUG(10,("SearchRequest: error\n"));