NSS: Fix service enumeration

The code wrote into the middle of the packet to a space that was already reserved and allocated but then still advanced the pointer to the buffer. https://fedorahosted.org/sssd/ticket/2124
author: Jakub Hrozek <jhrozek@redhat.com> 2013-10-29 07:10:30 +0100
committer: Jakub Hrozek <jhrozek@redhat.com> 2014-06-03 08:34:04 +0200
commit: b1c14d9e3c0d262d5ce6818e6734dcc2264677f7 (patch)
tree: d8cc304ce4ff1bb95b98f338eb518eb15fc6f1bd
parent: f52d80dccb56409c178aed4fb43c1ad0195d2a0a (diff)
download: sssd-b1c14d9e3c0d262d5ce6818e6734dcc2264677f7.tar.gz
sssd-b1c14d9e3c0d262d5ce6818e6734dcc2264677f7.tar.xz
sssd-b1c14d9e3c0d262d5ce6818e6734dcc2264677f7.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/src/responder/nss/nsssrv_services.c b/src/responder/nss/nsssrv_services.c
index e56ad93a6..4c42229ed 100644
--- a/src/responder/nss/nsssrv_services.c
+++ b/src/responder/nss/nsssrv_services.c
@@ -751,7 +751,11 @@ fill_service(struct sss_packet *packet,
             written_aliases++;
             talloc_zfree(tmpstr);
         }
-        SAFEALIGN_SET_UINT32(&body[aptr], written_aliases, &rsize);
+
+        /* We must not advance rsize here, the data has already been
+         * allocated and skipped earlier when aptr was assigned to.
+         */
+        SAFEALIGN_SET_UINT32(&body[aptr], written_aliases, NULL);
 
         num++;
     }
author	Jakub Hrozek <jhrozek@redhat.com>	2013-10-29 07:10:30 +0100
committer	Jakub Hrozek <jhrozek@redhat.com>	2014-06-03 08:34:04 +0200
commit	b1c14d9e3c0d262d5ce6818e6734dcc2264677f7 (patch)
tree	d8cc304ce4ff1bb95b98f338eb518eb15fc6f1bd
parent	f52d80dccb56409c178aed4fb43c1ad0195d2a0a (diff)
download	sssd-b1c14d9e3c0d262d5ce6818e6734dcc2264677f7.tar.gz sssd-b1c14d9e3c0d262d5ce6818e6734dcc2264677f7.tar.xz sssd-b1c14d9e3c0d262d5ce6818e6734dcc2264677f7.zip