b9901fe NSS: Fix use after free

2 files. Authored by lslebodn 5 years ago, committed by jhrozek 5 years ago.
    NSS: Fix use after free
    
    It can happen if there are two domains and user is not found
    in the first one.
    
    ==29279== Invalid read of size 1
    ==29279==    at 0x4C2CBA2: strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==29279==    by 0x89A7AC4: talloc_strdup (in /usr/lib64/libtalloc.so.2.1.2)
    ==29279==    by 0x11668A: nss_cmd_initgroups_search (nsssrv_cmd.c:4191)
    ==29279==    by 0x118B27: nss_cmd_getby_dp_callback (nsssrv_cmd.c:1208)
    ==29279==    by 0x10F2B4: nsssrv_dp_send_acct_req_done (nsssrv_cmd.c:759)
    ==29279==    by 0x126AFB: sss_dp_internal_get_done (responder_dp.c:802)
    ==29279==    by 0x56EA861: ??? (in /usr/lib64/libdbus-1.so.3.7.4)
    ==29279==    by 0x56EDB50: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.7.4)
    ==29279==    by 0x50721E1: sbus_dispatch (sssd_dbus_connection.c:96)
    ==29279==    by 0x879B22E: tevent_common_loop_timer_delay (tevent_timed.c:341)
    ==29279==    by 0x879C239: epoll_event_loop_once (tevent_epoll.c:911)
    ==29279==    by 0x879A936: std_event_loop_once (tevent_standard.c:114)
    ==29279==  Address 0xbbad240 is 96 bytes inside a block of size 106 free'd
    ==29279==    at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==29279==    by 0x89A46E3: _talloc_free (in /usr/lib64/libtalloc.so.2.1.2)
    ==29279==    by 0x116679: nss_cmd_initgroups_search (nsssrv_cmd.c:4190)
    ==29279==    by 0x118B27: nss_cmd_getby_dp_callback (nsssrv_cmd.c:1208)
    ==29279==    by 0x10F2B4: nsssrv_dp_send_acct_req_done (nsssrv_cmd.c:759)
    ==29279==    by 0x126AFB: sss_dp_internal_get_done (responder_dp.c:802)
    ==29279==    by 0x56EA861: ??? (in /usr/lib64/libdbus-1.so.3.7.4)
    ==29279==    by 0x56EDB50: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.7.4)
    ==29279==    by 0x50721E1: sbus_dispatch (sssd_dbus_connection.c:96)
    ==29279==    by 0x879B22E: tevent_common_loop_timer_delay (tevent_timed.c:341)
    ==29279==    by 0x879C239: epoll_event_loop_once (tevent_epoll.c:911)
    ==29279==    by 0x879A936: std_event_loop_once (tevent_standard.c:114)
    
    Resolves:
    https://fedorahosted.org/sssd/ticket/2749
    
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
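
Added example, not part of the SSSD commit: a Python triage helper that parses a memcheck use-after-free report like the one quoted above and finds the function in which the free stack and the access stack diverge. The sample input is an abridged copy of the trace lines above; the names `parse_uaf` and `divergence` are invented for this example.

```python
import re

# Abridged copy of the memcheck report quoted in the commit message above.
SAMPLE = """\
==29279== Invalid read of size 1
==29279==    at 0x4C2CBA2: strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==29279==    by 0x89A7AC4: talloc_strdup (in /usr/lib64/libtalloc.so.2.1.2)
==29279==    by 0x11668A: nss_cmd_initgroups_search (nsssrv_cmd.c:4191)
==29279==    by 0x118B27: nss_cmd_getby_dp_callback (nsssrv_cmd.c:1208)
==29279==  Address 0xbbad240 is 96 bytes inside a block of size 106 free'd
==29279==    at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==29279==    by 0x89A46E3: _talloc_free (in /usr/lib64/libtalloc.so.2.1.2)
==29279==    by 0x116679: nss_cmd_initgroups_search (nsssrv_cmd.c:4190)
==29279==    by 0x118B27: nss_cmd_getby_dp_callback (nsssrv_cmd.c:1208)
"""

PREFIX = re.compile(r"^\s*==\d+==\s?")  # "==PID== " marker, possibly indented
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.*)\)$")
BLOCK = re.compile(r"Address (0x[0-9A-Fa-f]+) is (\d+) bytes inside a block of size (\d+) free'd")

def parse_uaf(report):
    """Split a report into the access stack, the freed-block line and the free stack."""
    out = {"error": None, "access": [], "block": None, "free": []}
    stack = None  # list that the next frame lines belong to
    for raw in report.splitlines():
        line = PREFIX.sub("", raw, count=1).rstrip()
        frame = FRAME.match(line)
        block = BLOCK.search(line)
        if frame and stack is not None:
            stack.append((frame.group(1), frame.group(2)))
        elif block:
            out["block"] = {"addr": block.group(1), "offset": int(block.group(2)),
                            "size": int(block.group(3))}
            stack = out["free"]  # frames after this line describe the free()
        elif line.startswith("Invalid "):
            out["error"] = line
            stack = out["access"]  # frames after this line describe the bad access
    return out

def divergence(parsed):
    """Walk both stacks from the outermost caller inward; return the first
    function that appears in both at different source locations."""
    pairs = zip(reversed(parsed["access"]), reversed(parsed["free"]))
    for (a_func, a_loc), (f_func, f_loc) in pairs:
        if a_func != f_func:
            break  # call paths no longer share a caller
        if a_loc != f_loc:
            return {"function": a_func, "freed_at": f_loc, "used_at": a_loc}
    return None
```

When the two stacks share their outer frames, as they do here, the result names the single function that both frees the block and reads it afterwards, together with the two source lines to review.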