Fix #6130: Don't crash in winbindd_rpc lookup_groupmem() on unmapped members
authorVolker Lendecke <vl@samba.org>
Mon, 16 Mar 2009 12:17:04 +0000 (13:17 +0100)
committerVolker Lendecke <vl@samba.org>
Tue, 17 Mar 2009 20:19:32 +0000 (21:19 +0100)
Thanks to Fran├žois Legal <devel@thom.fr.eu.org> for reporting this bug

source3/winbindd/winbindd_rpc.c

index 0070bde2cc2cf478ceb46c601792238fdd5b60b9..2c0222e7c58e256e926aebf106a428d7c08f0c0f 100644 (file)
@@ -857,14 +857,15 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
                }
 
                for (r=0; r<tmp_names.count; r++) {
-                       (*names)[i+r] = fill_domain_username_talloc(mem_ctx,
-                                               domain->name,
-                                               tmp_names.names[r].string,
-                                               true);
-                       (*name_types)[i+r] = tmp_types.ids[r];
+                       if (tmp_types.ids[r] == SID_NAME_UNKNOWN) {
+                               continue;
+                       }
+                       (*names)[total_names] = fill_domain_username_talloc(
+                               mem_ctx, domain->name,
+                               tmp_names.names[r].string, true);
+                       (*name_types)[total_names] = tmp_types.ids[r];
+                       total_names += 1;
                }
-
-               total_names += tmp_names.count;
         }
 
         *num_names = total_names;