From b2c2ab134a75e6d326b7103fa59ef4fdb3a270f7 Mon Sep 17 00:00:00 2001 From: Pavel Březina Date: Nov 22 2013 14:19:41 +0000 Subject: pac: fix double free --- diff --git a/src/responder/pac/pacsrv_utils.c b/src/responder/pac/pacsrv_utils.c index 3e52047..d3d5e8b 100644 --- a/src/responder/pac/pacsrv_utils.c +++ b/src/responder/pac/pacsrv_utils.c @@ -74,6 +74,7 @@ errno_t get_sids_from_pac(TALLOC_CTX *mem_ctx, struct sss_domain_info *user_dom; struct sss_domain_info *group_dom; char *sid_str = NULL; + char *msid_str = NULL; char *user_dom_sid_str = NULL; size_t user_dom_sid_str_len; enum idmap_error_code err; @@ -229,23 +230,21 @@ errno_t get_sids_from_pac(TALLOC_CTX *mem_ctx, } - talloc_zfree(sid_str); - for(s = 0; s < info3->sidcount; s++) { err = sss_idmap_smb_sid_to_sid(pac_ctx->idmap_ctx, info3->sids[s].sid, - &sid_str); + &msid_str); if (err != IDMAP_SUCCESS) { DEBUG(SSSDBG_OP_FAILURE, ("sss_idmap_smb_sid_to_sid failed.\n")); ret = EFAULT; goto done; } - key.str = sid_str; + key.str = msid_str; value.ul = 0; - ret = responder_get_domain_by_id(pac_ctx->rctx, sid_str, &group_dom); + ret = responder_get_domain_by_id(pac_ctx->rctx, msid_str, &group_dom); if (ret == EOK) { - ret = sysdb_search_object_by_sid(mem_ctx, group_dom, sid_str, + ret = sysdb_search_object_by_sid(mem_ctx, group_dom, msid_str, NULL, &msg); if (ret == EOK && msg->count == 1 ) { value.ul = ldb_msg_find_attr_as_uint64(msg->msgs[0], @@ -255,14 +254,13 @@ errno_t get_sids_from_pac(TALLOC_CTX *mem_ctx, } ret = hash_enter(sid_table, &key, &value); + sss_idmap_free_sid(pac_ctx->idmap_ctx, msid_str); if (ret != HASH_SUCCESS) { DEBUG(SSSDBG_OP_FAILURE, ("hash_enter failed [%d][%s].\n", ret, hash_error_string(ret))); ret = EIO; goto done; } - - sss_idmap_free_sid(pac_ctx->idmap_ctx, sid_str); } ret = EOK;