1 files changed, 13 insertions, 4 deletions

diff --git a/source/lib/util_sid.c b/source/lib/util_sid.c
index 71d80c9c6b0..74dcc2d2371 100644
--- a/source/lib/util_sid.c
+++ b/source/lib/util_sid.c
@@ -366,23 +366,30 @@ char *sid_to_string(fstring sidstr_out, DOM_SID *sid)
  Convert a string to a SID. Returns True on success, False on fail.
 *****************************************************************/  
    
-BOOL string_to_sid(DOM_SID *sidout, char *sidstr)
+BOOL string_to_sid(DOM_SID *sidout, const char *sidstr)
 {
   pstring tok;
-  char *p = sidstr;
+  char *p;
   /* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */
   uint32 ia;
 
-  memset((char *)sidout, '\0', sizeof(DOM_SID));
 
   if (StrnCaseCmp( sidstr, "S-", 2)) {
     DEBUG(0,("string_to_sid: Sid %s does not start with 'S-'.\n", sidstr));
     return False;
   }
 
-  p += 2;
+  memset((char *)sidout, '\0', sizeof(DOM_SID));
+  
+  p = strdup(sidstr + 2);
+  if (p == NULL) {
+    DEBUG(0, ("string_to_sid: out of memory!\n"));
+    return False;
+  }
+  
   if (!next_token(&p, tok, "-", sizeof(tok))) {
     DEBUG(0,("string_to_sid: Sid %s is not in a valid format.\n", sidstr));
+    SAFE_FREE(p);
     return False;
   }
 
@@ -391,6 +398,7 @@ BOOL string_to_sid(DOM_SID *sidout, char *sidstr)
 
   if (!next_token(&p, tok, "-", sizeof(tok))) {
     DEBUG(0,("string_to_sid: Sid %s is not in a valid format.\n", sidstr));
+    SAFE_FREE(p);
     return False;
   }
 
@@ -418,6 +426,7 @@ BOOL string_to_sid(DOM_SID *sidout, char *sidstr)
 
   DEBUG(7,("string_to_sid: converted SID %s ok\n", sidstr));
 
+  SAFE_FREE(p);
   return True;
 }