From f65214be68c1a59d9598bfb9f3b19e71cc3fa07b Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Mon, 14 May 2007 14:23:51 +0000
Subject: r22852: merge fixes for CVE-2007-2446 and CVE-2007-2447 to all
 branches

---
 source/rpc_parse/parse_sec.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

(limited to 'source/rpc_parse/parse_sec.c')

diff --git a/source/rpc_parse/parse_sec.c b/source/rpc_parse/parse_sec.c
index bc330622648..72accad1b6c 100644
--- a/source/rpc_parse/parse_sec.c
+++ b/source/rpc_parse/parse_sec.c
@@ -183,13 +183,12 @@ BOOL sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth)
 		return False;
 
 	if (UNMARSHALLING(ps)) {
-		/*
-		 * Even if the num_aces is zero, allocate memory as there's a difference
-		 * between a non-present DACL (allow all access) and a DACL with no ACE's
-		 * (allow no access).
-		 */
-		if((psa->aces = PRS_ALLOC_MEM(ps, SEC_ACE, psa->num_aces+1)) == NULL)
-			return False;
+		if (psa->num_aces) {
+			if((psa->aces = PRS_ALLOC_MEM(ps, SEC_ACE, psa->num_aces)) == NULL)
+				return False;
+		} else {
+			psa->aces = NULL;
+		}
 	}
 
 	for (i = 0; i < psa->num_aces; i++) {
-- 
cgit