From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Thu, 24 Aug 2023 23:17:24 +0000 (+1200)
Subject: s4:kdc: Check return value of samdb_result_dom_sid()
X-Git-Tag: tevent-0.16.0~624
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=49b96243b522bd2005148984505bbf6e805590fe;p=thirdparty%2Fsamba.git

s4:kdc: Check return value of samdb_result_dom_sid()

We should not pass a NULL pointer into dom_sid_split_rid().

Unlike samdb_result_dom_sid(), samdb_result_dom_sid_buf() produces an
error code on failure and does not require a heap allocation.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index bb445efe3e0..5b6b01d1597 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -750,7 +750,9 @@ int samba_krbtgt_is_in_db(struct samba_kdc_entry *p,
 			  bool *is_trusted)
 {
 	NTSTATUS status;
+	krb5_error_code ret;
 	int rodc_krbtgt_number, trust_direction;
+	struct dom_sid sid;
 	uint32_t rid;
 
 	TALLOC_CTX *mem_ctx = talloc_new(NULL);
@@ -774,8 +776,12 @@ int samba_krbtgt_is_in_db(struct samba_kdc_entry *p,
 
 	/* The lack of password controls etc applies to krbtgt by
 	 * virtue of being that particular RID */
-	status = dom_sid_split_rid(NULL, samdb_result_dom_sid(mem_ctx, p->msg, "objectSid"), NULL, &rid);
+	ret = samdb_result_dom_sid_buf(p->msg, "objectSid", &sid);
+	if (ret) {
+		return ret;
+	}
 
+	status = dom_sid_split_rid(NULL, &sid, NULL, &rid);
 	if (!NT_STATUS_IS_OK(status)) {
 		talloc_free(mem_ctx);
 		return map_errno_from_nt_status(status);