r22852: merge fixes for CVE-2007-2446 and CVE-2007-2447 to all branches

author: Gerald Carter <jerry@samba.org> 2007-05-14 14:23:51 +0000
committer: Gerald (Jerry) Carter <jerry@samba.org> 2007-10-10 12:22:02 -0500
commit: f65214be68c1a59d9598bfb9f3b19e71cc3fa07b (patch)
tree: 3b6d5bb88d2724a53b94fbf96d5b279e346c4536 /source/rpc_parse/parse_sec.c
parent: 34f77af02e2073ccaabe1583011abeeabbbb24e1 (diff)
download: samba-f65214be68c1a59d9598bfb9f3b19e71cc3fa07b.tar.gz
samba-f65214be68c1a59d9598bfb9f3b19e71cc3fa07b.tar.xz
samba-f65214be68c1a59d9598bfb9f3b19e71cc3fa07b.zip
1 files changed, 6 insertions, 7 deletions
diff --git a/source/rpc_parse/parse_sec.c b/source/rpc_parse/parse_sec.c
index bc330622648..72accad1b6c 100644
--- a/source/rpc_parse/parse_sec.c
+++ b/source/rpc_parse/parse_sec.c
@@ -183,13 +183,12 @@ BOOL sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth)
 		return False;
 
 	if (UNMARSHALLING(ps)) {
-		/*
-		 * Even if the num_aces is zero, allocate memory as there's a difference
-		 * between a non-present DACL (allow all access) and a DACL with no ACE's
-		 * (allow no access).
-		 */
-		if((psa->aces = PRS_ALLOC_MEM(ps, SEC_ACE, psa->num_aces+1)) == NULL)
-			return False;
+		if (psa->num_aces) {
+			if((psa->aces = PRS_ALLOC_MEM(ps, SEC_ACE, psa->num_aces)) == NULL)
+				return False;
+		} else {
+			psa->aces = NULL;
+		}
 	}
 
 	for (i = 0; i < psa->num_aces; i++) {
author	Gerald Carter <jerry@samba.org>	2007-05-14 14:23:51 +0000
committer	Gerald (Jerry) Carter <jerry@samba.org>	2007-10-10 12:22:02 -0500
commit	f65214be68c1a59d9598bfb9f3b19e71cc3fa07b (patch)
tree	3b6d5bb88d2724a53b94fbf96d5b279e346c4536 /source/rpc_parse/parse_sec.c
parent	34f77af02e2073ccaabe1583011abeeabbbb24e1 (diff)
download	samba-f65214be68c1a59d9598bfb9f3b19e71cc3fa07b.tar.gz samba-f65214be68c1a59d9598bfb9f3b19e71cc3fa07b.tar.xz samba-f65214be68c1a59d9598bfb9f3b19e71cc3fa07b.zip