Don't segfault on invalid objectClass input.

[jelmer/samba4-debian.git] / source / dsdb / samdb / ldb_modules / objectclass.c

diff --git a/source/dsdb/samdb/ldb_modules/objectclass.c b/source/dsdb/samdb/ldb_modules/objectclass.c
index e63ad4de56b8e392a1bd9e5f1f88fc2d20f7d40a..537a56045d24af0003288023496469edd37d01b1 100644 (file)
--- a/source/dsdb/samdb/ldb_modules/objectclass.c
+++ b/source/dsdb/samdb/ldb_modules/objectclass.c
@@ -257,12 +257,17 @@ static DATA_BLOB *get_sd(struct ldb_module *module, TALLOC_CTX *mem_ctx,
        DATA_BLOB *linear_sd;
        struct auth_session_info *session_info
                = ldb_get_opaque(module->ldb, "sessionInfo");
-       struct security_descriptor *sd
-               = sddl_decode(mem_ctx, 
-                             objectclass->defaultSecurityDescriptor,
-                             samdb_domain_sid(module->ldb));
+       struct security_descriptor *sd;
 
-       if (!session_info || !session_info->security_token) {
+       if (!objectclass->defaultSecurityDescriptor) {
+               return NULL;
+       }
+       
+       sd = sddl_decode(mem_ctx, 
+                        objectclass->defaultSecurityDescriptor,
+                        samdb_domain_sid(module->ldb));
+
+       if (!sd || !session_info || !session_info->security_token) {
                return NULL;
        }
        
@@ -538,7 +543,9 @@ static int objectclass_do_add(struct ldb_handle *h)
                                }
                                if (!ldb_msg_find_element(msg, "nTSecurityDescriptor")) {
                                        DATA_BLOB *sd = get_sd(ac->module, mem_ctx, current->objectclass);
-                                       ldb_msg_add_steal_value(msg, "nTSecurityDescriptor", sd);
+                                       if (sd) {
+                                               ldb_msg_add_steal_value(msg, "nTSecurityDescriptor", sd);
+                                       }
                                }
                        }
                }