idmap_autorid: fix status code when trying to load range for an invalid input

The "sid" input needs to be verified (it can currently be a SID or "ALLOC"). When handing in string that is valid for other kinds of records, but not for the SID[#IDX]-->RANGE direction of mappings, like for instance a range number, then we get "NT_STATUS_INTERNAL_DB_CORRUPTION" because parse records finds the record, but it does not have the expected size... This patch fixes this problem by pre-validating the input before fetching the record from the database. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
author: Michael Adam <obnox@samba.org> 2013-11-05 13:46:15 +0100
committer: Jeremy Allison <jra@samba.org> 2013-11-07 14:01:36 -0800
commit: 1524dc6006071d99d1a61c53301a25de91cda07d (patch)
tree: 8201a91ea161383a9cf7eeb85775a47858fc7579 /source3
parent: 066915f29d20676335a88e93d4148713ec37ace7 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/source3/winbindd/idmap_autorid_tdb.c b/source3/winbindd/idmap_autorid_tdb.c
index 6896268e71..e06cb21a3e 100644
--- a/source3/winbindd/idmap_autorid_tdb.c
+++ b/source3/winbindd/idmap_autorid_tdb.c
@@ -304,6 +304,12 @@ static NTSTATUS idmap_autorid_getrange_int(struct db_context *db,
 		goto done;
 	}
 
+	if (!idmap_autorid_validate_sid(range->domsid)) {
+		DEBUG(3, ("Invalid SID: '%s'\n", range->domsid));
+		status = NT_STATUS_INVALID_PARAMETER;
+		goto done;
+	}
+
 	idmap_autorid_build_keystr(range->domsid, range->domain_range_index,
 				   keystr);
author	Michael Adam <obnox@samba.org>	2013-11-05 13:46:15 +0100
committer	Jeremy Allison <jra@samba.org>	2013-11-07 14:01:36 -0800
commit	1524dc6006071d99d1a61c53301a25de91cda07d (patch)
tree	8201a91ea161383a9cf7eeb85775a47858fc7579 /source3
parent	066915f29d20676335a88e93d4148713ec37ace7 (diff)