el->values is caller-provided memory that should be thought of as constant,
it should not be assumed to be a talloc context.
Otherwise, if the caller gives constant memory or a stack
pointer we will get an abort() in talloc when it expects
a talloc magic in the memory preceeding the el->values.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14258
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
3657bbc21182d764ddfcd603025f24ec240fd263)
for (i=0; i<el->num_values; i++) {
struct ldb_val v;
int ret;
- ret = attr->ldb_schema_attribute->syntax->canonicalise_fn(ldb, el->values, &el->values[i], &v);
+ /*
+ * We use msg->elements (owned by this module due to
+ * ldb_msg_copy_shallow()) as a memory context and
+ * then steal from there to the right spot if we don't
+ * free it.
+ */
+ ret = attr->ldb_schema_attribute->syntax->canonicalise_fn(ldb,
+ msg->elements,
+ &el->values[i],
+ &v);
if (ret != LDB_SUCCESS) {
return ret;
}
}
el->values[i] = v;
+
+ /*
+ * By now el->values is a talloc pointer under
+ * msg->elements and may now be used
+ */
+ talloc_steal(el->values, v.data);
}
return LDB_SUCCESS;
}
projects / thirdparty / samba.git / commitdiff
