|
 |
2fc102 |
From a9385ea99d15976c5e7585059945f6964f85339c Mon Sep 17 00:00:00 2001
|
|
|
2fc102 |
From: Lukas Slebodnik <lslebodn@redhat.com>
|
|
|
2fc102 |
Date: Tue, 25 Mar 2014 17:57:32 +0100
|
|
|
2fc102 |
Subject: [PATCH] IPA: Use function sysdb_attrs_get_el in safe way
|
|
|
2fc102 |
|
|
|
2fc102 |
Function sysdb_attrs_get_el can enlarge array of ldb_message_element in "struct
|
|
|
2fc102 |
sysdb_attrs" if attribute is not among available attributes. Array will be
|
|
|
2fc102 |
enlarged with function talloc_realloc but realloc can move array to another
|
|
|
2fc102 |
place in memory therefore ldb_message_element should not be used after next
|
|
|
2fc102 |
call of function sysdb_attrs_get_el
|
|
|
2fc102 |
|
|
|
2fc102 |
sysdb_attrs_get_el(netgroup, SYSDB_ORIG_MEMBER_USER, &user_found);
|
|
|
2fc102 |
sysdb_attrs_get_el(netgroup, SYSDB_ORIG_MEMBER_HOST, &host_found);
|
|
|
2fc102 |
With netgroups, it is common to omit user or host from netgroup triple.
|
|
|
2fc102 |
There is very high probability that realloc will be called. it is possible
|
|
|
2fc102 |
pointer user_found can refer to the old area after the second call of function
|
|
|
2fc102 |
sysdb_attrs_get_el.
|
|
|
2fc102 |
|
|
|
2fc102 |
Resolves:
|
|
|
2fc102 |
https://fedorahosted.org/sssd/ticket/2284
|
|
|
2fc102 |
---
|
|
|
2fc102 |
src/providers/ipa/ipa_netgroups.c | 17 +++++++----------
|
|
|
2fc102 |
1 file changed, 7 insertions(+), 10 deletions(-)
|
|
|
2fc102 |
|
|
|
2fc102 |
diff --git a/src/providers/ipa/ipa_netgroups.c b/src/providers/ipa/ipa_netgroups.c
|
|
|
2fc102 |
index 49a4ba9ab60a05b31241916cf0a7669c785764d4..9cc374bc17eb53accaf607736a19555e17ebf4e1 100644
|
|
|
2fc102 |
--- a/src/providers/ipa/ipa_netgroups.c
|
|
|
2fc102 |
+++ b/src/providers/ipa/ipa_netgroups.c
|
|
|
2fc102 |
@@ -297,9 +297,7 @@ static void ipa_get_netgroups_process(struct tevent_req *subreq)
|
|
|
2fc102 |
struct ipa_get_netgroups_state *state = tevent_req_data(req,
|
|
|
2fc102 |
struct ipa_get_netgroups_state);
|
|
|
2fc102 |
int i, ret;
|
|
|
2fc102 |
- struct ldb_message_element *ng_found;
|
|
|
2fc102 |
- struct ldb_message_element *host_found;
|
|
|
2fc102 |
- struct ldb_message_element *user_found;
|
|
|
2fc102 |
+ struct ldb_message_element *el;
|
|
|
2fc102 |
struct sdap_search_base **netgr_bases;
|
|
|
2fc102 |
struct sysdb_attrs **netgroups;
|
|
|
2fc102 |
size_t netgroups_count;
|
|
|
2fc102 |
@@ -345,16 +343,19 @@ static void ipa_get_netgroups_process(struct tevent_req *subreq)
|
|
|
2fc102 |
|
|
|
2fc102 |
for (i = 0; i < netgroups_count; i++) {
|
|
|
2fc102 |
ret = sysdb_attrs_get_el(netgroups[i], SYSDB_ORIG_NETGROUP_MEMBER,
|
|
|
2fc102 |
- &ng_found);
|
|
|
2fc102 |
+ &el);
|
|
|
2fc102 |
if (ret != EOK) goto done;
|
|
|
2fc102 |
+ if (el->num_values) state->entities_found |= ENTITY_NG;
|
|
|
2fc102 |
|
|
|
2fc102 |
ret = sysdb_attrs_get_el(netgroups[i], SYSDB_ORIG_MEMBER_USER,
|
|
|
2fc102 |
- &user_found);
|
|
|
2fc102 |
+ &el);
|
|
|
2fc102 |
if (ret != EOK) goto done;
|
|
|
2fc102 |
+ if (el->num_values) state->entities_found |= ENTITY_USER;
|
|
|
2fc102 |
|
|
|
2fc102 |
ret = sysdb_attrs_get_el(netgroups[i], SYSDB_ORIG_MEMBER_HOST,
|
|
|
2fc102 |
- &host_found);
|
|
|
2fc102 |
+ &el);
|
|
|
2fc102 |
if (ret != EOK) goto done;
|
|
|
2fc102 |
+ if (el->num_values) state->entities_found |= ENTITY_HOST;
|
|
|
2fc102 |
|
|
|
2fc102 |
ret = sysdb_attrs_get_string(netgroups[i], SYSDB_ORIG_DN, &orig_dn);
|
|
|
2fc102 |
if (ret != EOK) {
|
|
|
2fc102 |
@@ -371,10 +372,6 @@ static void ipa_get_netgroups_process(struct tevent_req *subreq)
|
|
|
2fc102 |
goto done;
|
|
|
2fc102 |
}
|
|
|
2fc102 |
|
|
|
2fc102 |
- if (ng_found->num_values) state->entities_found |= ENTITY_NG;
|
|
|
2fc102 |
- if (user_found->num_values) state->entities_found |= ENTITY_USER;
|
|
|
2fc102 |
- if (host_found->num_values) state->entities_found |= ENTITY_HOST;
|
|
|
2fc102 |
-
|
|
|
2fc102 |
if (state->entities_found == 0) {
|
|
|
2fc102 |
continue;
|
|
|
2fc102 |
}
|
|
|
2fc102 |
--
|
|
|
2fc102 |
1.8.5.3
|
|
|
2fc102 |
|