From c3719a6feef87dabfaf698cac89513b421fe1952 Mon Sep 17 00:00:00 2001
From: Arvid Requate
Date: Mon, 31 Mar 2014 18:45:07 +0200
Subject: [PATCH] dfs_server: get_dcs: fix pointer list termination

Should fix a potential SEGV e.g. in case searched_site == NULL and no objects with objectClass=site are found.

Signed-off-by: Arvid Requate
Reviewed-by: Andrew Bartlett
Reviewed-by: Jeremy Allison
---
 dfs_server/dfs_server_ad.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/dfs_server/dfs_server_ad.c b/dfs_server/dfs_server_ad.c
index 5e2634fb7a1..3d93e19c989 100644
--- a/dfs_server/dfs_server_ad.c
+++ b/dfs_server/dfs_server_ad.c
@@ -366,7 +366,11 @@ static NTSTATUS get_dcs(TALLOC_CTX *ctx, struct ldb_context *ldb,
 /* All of this was to get the DN of the searched_site */
 sitedn = r->msgs[0]->dn;
- set_list = talloc_realloc(subctx, set_list, struct dc_set *, current_pos+1);
+ /*
+ * We will realloc + 2 because we will need one additional place
+ * for element at current_pos + 1 for the NULL element
+ */
+ set_list = talloc_realloc(subctx, set_list, struct dc_set *, current_pos+2);
 if (set_list == NULL) {
 TALLOC_FREE(subctx);
 return NT_STATUS_NO_MEMORY;
@@ -380,6 +384,9 @@ static NTSTATUS get_dcs(TALLOC_CTX *ctx, struct ldb_context *ldb,
 set_list[current_pos]->names = NULL;
 set_list[current_pos]->count = 0;
+
+ set_list[current_pos+1] = NULL;
+
 status = get_dcs_insite(subctx, ldb, sitedn, set_list[current_pos], need_fqdn);
 if (!NT_STATUS_IS_OK(status)) {
@@ -468,8 +475,6 @@ static NTSTATUS get_dcs(TALLOC_CTX *ctx, struct ldb_context *ldb,
 }
 }
 }
- current_pos++;
- set_list[current_pos] = NULL;
 *pset_list = talloc_move(ctx, &set_list);
 talloc_free(subctx);
-- 
2.34.1
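Review bot: The comment added above `talloc_realloc` in the first hunk is hard to parse and does not name the invariant that the `+2` protects. I would word it as `/* Grow to current_pos + 2 slots: the new dc_set at current_pos plus the NULL terminator at current_pos + 1, so the list is always NULL-terminated. */`. The old size of `current_pos+1` reserved no slot for the terminator that the end of get_dcs() used to store after `current_pos++`, which looks like a write past the allocation on at least some paths. Stating the invariant would keep a later cleanup from trimming the size back. get_dcs() begins and ends outside this hunk, so the index arithmetic between the hunks is not visible here.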
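Review bot: Once `set_list[current_pos+1] = NULL;` in the second hunk is the only visible terminator store, the list is terminated only on paths that allocate an element, because the third hunk drops the unconditional store at the end of get_dcs(). In the case the commit message names (searched_site == NULL and no site objects found), `set_list` presumably stays NULL and `talloc_move` hands NULL to `*pset_list`; whether the function still returns success there is outside the visible lines. If it does, every caller that walks the list until a NULL entry needs a `if (set_list == NULL)` guard first, or get_dcs() should return a one-slot list holding only the terminator. A comment on the `pset_list` out-parameter stating which contract applies would make that checkable at call sites.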