From 47bc6c387ab1d3f835167c528bb57f688080af1a Mon Sep 17 00:00:00 2001 From: Pavel Březina Date: Mon, 11 Nov 2013 12:47:53 +0100 Subject: pac: fix double free --- src/responder/pac/pacsrv_utils.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/src/responder/pac/pacsrv_utils.c b/src/responder/pac/pacsrv_utils.c index 6a6ea2e35..a82320fca 100644 --- a/src/responder/pac/pacsrv_utils.c +++ b/src/responder/pac/pacsrv_utils.c @@ -74,6 +74,7 @@ errno_t get_sids_from_pac(TALLOC_CTX *mem_ctx, struct sss_domain_info *user_dom; struct sss_domain_info *group_dom; char *sid_str = NULL; + char *msid_str = NULL; char *user_dom_sid_str = NULL; size_t user_dom_sid_str_len; enum idmap_error_code err; @@ -231,24 +232,22 @@ errno_t get_sids_from_pac(TALLOC_CTX *mem_ctx, } - talloc_zfree(sid_str); - for(s = 0; s < info3->sidcount; s++) { err = sss_idmap_smb_sid_to_sid(pac_ctx->idmap_ctx, info3->sids[s].sid, - &sid_str); + &msid_str); if (err != IDMAP_SUCCESS) { DEBUG(SSSDBG_OP_FAILURE, ("sss_idmap_smb_sid_to_sid failed.\n")); ret = EFAULT; goto done; } - key.str = sid_str; + key.str = msid_str; value.ul = 0; - ret = responder_get_domain_by_id(pac_ctx->rctx, sid_str, &group_dom); + ret = responder_get_domain_by_id(pac_ctx->rctx, msid_str, &group_dom); if (ret == EOK) { ret = sysdb_search_object_by_sid(mem_ctx, group_dom->sysdb, - group_dom, sid_str, NULL, &msg); + group_dom, msid_str, NULL, &msg); if (ret == EOK && msg->count == 1 ) { value.ul = ldb_msg_find_attr_as_uint64(msg->msgs[0], SYSDB_GIDNUM, 0); @@ -257,14 +256,13 @@ errno_t get_sids_from_pac(TALLOC_CTX *mem_ctx, } ret = hash_enter(sid_table, &key, &value); + sss_idmap_free_sid(pac_ctx->idmap_ctx, msid_str); if (ret != HASH_SUCCESS) { DEBUG(SSSDBG_OP_FAILURE, ("hash_enter failed [%d][%s].\n", ret, hash_error_string(ret))); ret = EIO; goto done; } - - sss_idmap_free_sid(pac_ctx->idmap_ctx, sid_str); } ret = EOK; -- cgit