From 0b926a27d8984a3e8ad9cefa49981f9ab2dd6480 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 13 Aug 2012 15:33:49 +0200
Subject: s4:dsdb/repl: make sure instanceType_e is not changed by a
 reallocation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Pair-Programmed-With: Björn Baumbach <bb@sernet.de>

metze
---
 source4/dsdb/repl/replicated_objects.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'source4')

diff --git a/source4/dsdb/repl/replicated_objects.c b/source4/dsdb/repl/replicated_objects.c
index cd664e3656e..91ca4b89a22 100644
--- a/source4/dsdb/repl/replicated_objects.c
+++ b/source4/dsdb/repl/replicated_objects.c
@@ -372,7 +372,6 @@ WERROR dsdb_convert_object_ex(struct ldb_context *ldb,
 		   must be used on the client with TYPE_WRITE removed
 		*/
 		if (instanceType & INSTANCE_TYPE_WRITE) {
-			instanceType &= ~INSTANCE_TYPE_WRITE;
 			/*
 			 * Make sure we do not change the order
 			 * of msg->elements!
@@ -382,7 +381,18 @@ WERROR dsdb_convert_object_ex(struct ldb_context *ldb,
 			 * instead of
 			 * ldb_msg_remove_attr(msg, "instanceType");
 			 */
+			struct ldb_message_element *e;
+
+			e = ldb_msg_find_element(msg, "instanceType");
+			if (e != instanceType_e) {
+				DEBUG(0,("instanceType_e[%p] changed to e[%p]\n",
+					 instanceType_e, e));
+				return WERR_FOOBAR;
+			}
+
 			instanceType_e->num_values = 0;
+
+			instanceType &= ~INSTANCE_TYPE_WRITE;
 			if (ldb_msg_add_fmt(msg, "instanceType", "%d", instanceType) != LDB_SUCCESS) {
 				return WERR_INTERNAL_ERROR;
 			}
-- 
cgit