From 7812ef4742902c39d56959179ed033f9f7ff8ab2 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Tue, 29 Oct 2013 07:10:30 +0100
Subject: NSS: Fix service enumeration

The code wrote into the middle of the packet to a space that was already reserved and allocated but then still advanced the pointer to the buffer.
https://fedorahosted.org/sssd/ticket/2124
---
 src/responder/nss/nsssrv_services.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/responder/nss/nsssrv_services.c b/src/responder/nss/nsssrv_services.c
index 79caa7d08..471cf31da 100644
--- a/src/responder/nss/nsssrv_services.c
+++ b/src/responder/nss/nsssrv_services.c
@@ -752,7 +752,11 @@ fill_service(struct sss_packet *packet,
 written_aliases++;
 talloc_zfree(tmpstr);
 }
- SAFEALIGN_SET_UINT32(&body[aptr], written_aliases, &rsize);
+
+ /* We must not advance rsize here, the data has already been
+ * allocated and skipped earlier when aptr was assigned to.
+ */
+ SAFEALIGN_SET_UINT32(&body[aptr], written_aliases, NULL);
 num++;
 }
-- cgit
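Review bot: The back-patch `SAFEALIGN_SET_UINT32(&body[aptr], written_aliases, NULL);` is only correct if `body` still refers to the packet's current buffer and `aptr` is the offset of the count slot reserved before the alias loop, and neither is visible here because fill_service starts and ends outside the hunk. If the alias loop can grow the packet, `body` presumably has to be re-fetched after the last grow before this write, otherwise the count would land in a stale buffer; that is worth confirming in the surrounding code. The diffstat shows only this file changed, so an enumeration test over several services that carry aliases would pin the corrected `rsize` accounting and catch a reply whose declared length drifts from its contents. The comment could also name the slot directly, e.g. `/* Back-patch the alias count into the slot reserved at aptr; rsize already covers it, so pass NULL. */`.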