r23982: Fix use-after-realloc() found by valgrind and mwallnoefer@yahoo.de.

author Andrew Bartlett <abartlet@samba.org>

Sat, 21 Jul 2007 10:14:46 +0000 (10:14 +0000)

committer Gerald (Jerry) Carter <jerry@samba.org>

Wed, 10 Oct 2007 20:01:15 +0000 (15:01 -0500)
author Andrew Bartlett <abartlet@samba.org>
Sat, 21 Jul 2007 10:14:46 +0000 (10:14 +0000)
committer Gerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 20:01:15 +0000 (15:01 -0500)
diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c

index 3aca12de5ffe2cbaff0d70fec60bf3152444498a..68ab3880e56f41eca09b19c7a1349b4faa99472e 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c
+++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c
@@ -115,7 +115,7 @@ struct kludge_acl_context {
  static int kludge_acl_allowedAttributes(struct ldb_context *ldb, struct ldb_message *msg,
                                                          const char *attrName) 
  {
-       struct ldb_message_element *oc_el = ldb_msg_find_element(msg, "objectClass");
+       struct ldb_message_element *oc_el;
         struct ldb_message_element *allowedAttributes;
         const struct dsdb_schema *schema = dsdb_get_schema(ldb);
         const struct dsdb_class *class;
@@ -125,6 +125,10 @@ static int kludge_acl_allowedAttributes(struct ldb_context *ldb, struct ldb_mess
                 return ret;
         }
         
+       /* To ensure that oc_el is valid, we must look for it after 
+          we alter the element array in ldb_msg_add_empty() */
+       oc_el = ldb_msg_find_element(msg, "objectClass");
+
         for (i=0; i < oc_el->num_values; i++) {
                 class = dsdb_class_by_lDAPDisplayName(schema, (const char *)oc_el->values[i].data);
                 if (!class) {
author	Andrew Bartlett <abartlet@samba.org>
	Sat, 21 Jul 2007 10:14:46 +0000 (10:14 +0000)
committer	Gerald (Jerry) Carter <jerry@samba.org>
	Wed, 10 Oct 2007 20:01:15 +0000 (15:01 -0500)