diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2013-10-29 07:10:30 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-10-29 17:49:13 +0100 |
commit | b6b66fadc4261b2c1284e36b4fe2aa9028010f21 (patch) | |
tree | f1329dd12f53ea3b4dac22f673753c8a4fa75fc3 /src/responder/nss/nsssrv_services.c | |
parent | f52be2a69821d418ee2d3d7d820e017f8d045b51 (diff) | |
download | sssd-b6b66fadc4261b2c1284e36b4fe2aa9028010f21.tar.gz sssd-b6b66fadc4261b2c1284e36b4fe2aa9028010f21.tar.xz sssd-b6b66fadc4261b2c1284e36b4fe2aa9028010f21.zip |
NSS: Fix service enumeration
The code wrote into the middle of the packet to a space that was already
reserved and allocated but then still advanced the pointer to the buffer.
https://fedorahosted.org/sssd/ticket/2124
Diffstat (limited to 'src/responder/nss/nsssrv_services.c')
-rw-r--r-- | src/responder/nss/nsssrv_services.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/responder/nss/nsssrv_services.c b/src/responder/nss/nsssrv_services.c index 79caa7d08..471cf31da 100644 --- a/src/responder/nss/nsssrv_services.c +++ b/src/responder/nss/nsssrv_services.c @@ -752,7 +752,11 @@ fill_service(struct sss_packet *packet, written_aliases++; talloc_zfree(tmpstr); } - SAFEALIGN_SET_UINT32(&body[aptr], written_aliases, &rsize); + + /* We must not advance rsize here, the data has already been + * allocated and skipped earlier when aptr was assigned to. + */ + SAFEALIGN_SET_UINT32(&body[aptr], written_aliases, NULL); num++; } |