From 3f7481a220371e1a1ff0babae39e26f78a8948ad Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Tue, 26 May 2015 13:00:26 +0200
Subject: ipa-kdb: make string_to_sid() and dom_sid_string() more robust

Reviewed-By: Tomas Babej <tbabej@redhat.com>
---
 daemons/ipa-kdb/ipa_kdb_mspac.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c
index 336d136e7..3c0dca839 100644
--- a/daemons/ipa-kdb/ipa_kdb_mspac.c
+++ b/daemons/ipa-kdb/ipa_kdb_mspac.c
@@ -96,6 +96,10 @@ int string_to_sid(const char *str, struct dom_sid *sid)
     char *t;
     int i;
 
+    if (str == NULL) {
+        return EINVAL;
+    }
+
     memset(sid, '\0', sizeof(struct dom_sid));
 
     s = str;
@@ -159,13 +163,18 @@ char *dom_sid_string(TALLOC_CTX *memctx, const struct dom_sid *dom_sid)
     uint32_t ia;
     char *buf;
 
-    if (dom_sid == NULL) {
+    if (dom_sid == NULL
+            || dom_sid->num_auths < 0
+            || dom_sid->num_auths > SID_SUB_AUTHS) {
         return NULL;
     }
 
     len = 25 + dom_sid->num_auths * 11;
 
     buf = talloc_zero_size(memctx, len);
+    if (buf == NULL) {
+        return NULL;
+    }
 
     ia = (dom_sid->id_auth[5]) +
          (dom_sid->id_auth[4] << 8 ) +
-- 
cgit