r17875: Fix (rather theoretical, but still...) null deref found by

author Jeremy Allison <jra@samba.org>

Mon, 28 Aug 2006 05:22:10 +0000 (05:22 +0000)

committer Gerald (Jerry) Carter <jerry@samba.org>

Wed, 10 Oct 2007 16:38:56 +0000 (11:38 -0500)
author Jeremy Allison <jra@samba.org>
Mon, 28 Aug 2006 05:22:10 +0000 (05:22 +0000)
committer Gerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 16:38:56 +0000 (11:38 -0500)
diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c

index 2c20beb33c8c507bf8eadea64220d86e8b95d7c9..26d1eb710f693c36a9465782a6faf396232f1215 100644 (file)
--- a/source/auth/auth_util.c
+++ b/source/auth/auth_util.c
@@ -1988,16 +1988,19 @@ NT_USER_TOKEN *dup_nt_token(TALLOC_CTX *mem_ctx, NT_USER_TOKEN *ptoken)
                 return NULL;
         }
  
-       token->user_sids = (DOM_SID *)talloc_memdup(
-               token, ptoken->user_sids, sizeof(DOM_SID) * ptoken->num_sids );
+       ZERO_STRUCTP(token);
  
-       if ((ptoken->user_sids != NULL) && (token->user_sids == NULL)) {
-               DEBUG(0, ("talloc_memdup failed\n"));
-               TALLOC_FREE(token);
-               return NULL;
-       }
+       if (ptoken->user_sids && ptoken->num_sids) {
+               token->user_sids = (DOM_SID *)talloc_memdup(
+                       token, ptoken->user_sids, sizeof(DOM_SID) * ptoken->num_sids );
  
-       token->num_sids = ptoken->num_sids;
+               if (token->user_sids == NULL) {
+                       DEBUG(0, ("talloc_memdup failed\n"));
+                       TALLOC_FREE(token);
+                       return NULL;
+               }
+               token->num_sids = ptoken->num_sids;
+       }
         
         /* copy the privileges; don't consider failure to be critical here */
author	Jeremy Allison <jra@samba.org>
	Mon, 28 Aug 2006 05:22:10 +0000 (05:22 +0000)
committer	Gerald (Jerry) Carter <jerry@samba.org>
	Wed, 10 Oct 2007 16:38:56 +0000 (11:38 -0500)