From: Stefan Metzmacher Date: Wed, 29 Jan 2025 08:36:32 +0000 (+0100) Subject: auth: let make_user_info_dc_netlogon_validation validate all parameters first X-Git-Tag: tevent-0.17.0~785 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ab3a62404fd1078c255a68238f88295ecdb06858;p=thirdparty%2Fsamba.git auth: let make_user_info_dc_netlogon_validation validate all parameters first Signed-off-by: Stefan Metzmacher Reviewed-by: Jennifer Sutton --- diff --git a/auth/auth_sam_reply.c b/auth/auth_sam_reply.c index 94e2c8b08ee..e0f3168e26a 100644 --- a/auth/auth_sam_reply.c +++ b/auth/auth_sam_reply.c @@ -686,11 +686,6 @@ NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx, return NT_STATUS_INVALID_LEVEL; } - user_info_dc = talloc_zero(mem_ctx, struct auth_user_info_dc); - if (user_info_dc == NULL) { - return NT_STATUS_NO_MEMORY; - } - /* Here is where we should check the list of trusted domains, and verify that the SID @@ -698,17 +693,28 @@ NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx, */ if (!base->domain_sid) { DEBUG(0, ("Cannot operate on a Netlogon Validation without a domain SID\n")); - talloc_free(user_info_dc); return NT_STATUS_INVALID_PARAMETER; } /* The IDL layer would be a better place to check this, but to * guard the integer addition below, we double-check */ - if (base->groups.count > 65535) { - talloc_free(user_info_dc); + if (base->groups.count > UINT16_MAX) { + return NT_STATUS_INVALID_PARAMETER; + } + + /* + * The IDL layer would be a better place to check this, but to + * guard the integer addition below, we double-check + */ + if (sidcount > UINT16_MAX) { return NT_STATUS_INVALID_PARAMETER; } + user_info_dc = talloc_zero(mem_ctx, struct auth_user_info_dc); + if (user_info_dc == NULL) { + return NT_STATUS_NO_MEMORY; + } + user_info_dc->num_sids = PRIMARY_SIDS_COUNT; user_info_dc->sids = talloc_array(user_info_dc, struct auth_SidAttr, user_info_dc->num_sids + base->groups.count); @@ -747,15 +753,6 @@ NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx, user_info_dc->num_sids++; } - /* - * The IDL layer would be a better place to check this, but to - * guard the integer addition below, we double-check - */ - if (sidcount > UINT16_MAX) { - talloc_free(user_info_dc); - return NT_STATUS_INVALID_PARAMETER; - } - if (sidcount > 0) { struct auth_SidAttr *dgrps = user_info_dc->sids; size_t dgrps_count;