From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Mon, 7 Aug 2023 03:05:24 +0000 (+1200)
Subject: s4:dsdb: Check result of talloc functions
X-Git-Tag: tevent-0.16.0~1110
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4fad62d953cf225209e21f117bb02815c88560ff;p=thirdparty%2Fsamba.git

s4:dsdb: Check result of talloc functions

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index cd8552959db..5705b89d180 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -3436,6 +3436,10 @@ WERROR dsdb_loadreps(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, struct ld
 	*r = NULL;
 	*count = 0;
 
+	if (tmp_ctx == NULL) {
+		return WERR_NOT_ENOUGH_MEMORY;
+	}
+
 	ret = dsdb_search_dn(sam_ctx, tmp_ctx, &res, dn, attrs, 0);
 	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
 		/* partition hasn't been replicated yet */
@@ -3496,7 +3500,14 @@ WERROR dsdb_savereps(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, struct ld
 	struct ldb_message_element *el;
 	unsigned int i;
 
+	if (tmp_ctx == NULL) {
+		goto failed;
+	}
+
 	msg = ldb_msg_new(tmp_ctx);
+	if (msg == NULL) {
+		goto failed;
+	}
 	msg->dn = dn;
 	if (ldb_msg_add_empty(msg, attr, LDB_FLAG_MOD_REPLACE, &el) != LDB_SUCCESS) {
 		goto failed;
@@ -3550,6 +3561,10 @@ int dsdb_load_partition_usn(struct ldb_context *ldb, struct ldb_dn *dn,
 	struct dsdb_control_current_partition *p_ctrl;
 	struct ldb_result *res;
 
+	if (tmp_ctx == NULL) {
+		return ldb_oom(ldb);
+	}
+
 	res = talloc_zero(tmp_ctx, struct ldb_result);
 	if (!res) {
 		talloc_free(tmp_ctx);
@@ -3689,6 +3704,10 @@ int samdb_is_rodc(struct ldb_context *sam_ctx, const struct GUID *objectGUID, bo
 	struct ldb_message *msg;
 	TALLOC_CTX *tmp_ctx = talloc_new(sam_ctx);
 
+	if (tmp_ctx == NULL) {
+		return ldb_oom(sam_ctx);
+	}
+
 	ret = samdb_get_ntds_obj_by_guid(tmp_ctx,
 					 sam_ctx,
 					 objectGUID,
@@ -3772,6 +3791,9 @@ int samdb_dns_host_name(struct ldb_context *sam_ctx, const char **host_name)
 	}
 
 	tmp_ctx = talloc_new(sam_ctx);
+	if (tmp_ctx == NULL) {
+		return ldb_oom(sam_ctx);
+	}
 
 	ret = dsdb_search_dn(sam_ctx, tmp_ctx, &res, NULL, attrs, 0);
 
@@ -3962,8 +3984,17 @@ const char *samdb_cn_to_lDAPDisplayName(TALLOC_CTX *mem_ctx, const char *cn)
 		tokens[i][0] = toupper(tokens[i][0]);
 
 	ret = talloc_strdup(mem_ctx, tokens[0]);
-	for (i = 1; tokens[i] != NULL; i++)
+	if (ret == NULL) {
+		talloc_free(tokens);
+		return NULL;
+	}
+	for (i = 1; tokens[i] != NULL; i++) {
 		ret = talloc_asprintf_append_buffer(ret, "%s", tokens[i]);
+		if (ret == NULL) {
+			talloc_free(tokens);
+			return NULL;
+		}
+	}
 
 	talloc_free(tokens);
 
@@ -4425,6 +4456,10 @@ int dsdb_wellknown_dn(struct ldb_context *samdb, TALLOC_CTX *mem_ctx,
 	struct ldb_dn *dn;
 	struct ldb_result *res = NULL;
 
+	if (tmp_ctx == NULL) {
+		return ldb_oom(samdb);
+	}
+
 	/* construct the magic WKGUID DN */
 	dn = ldb_dn_new_fmt(tmp_ctx, samdb, "<WKGUID=%s,%s>",
 			    wk_guid, ldb_dn_get_linearized(nc_root));
@@ -5317,6 +5352,10 @@ int dsdb_search_dn(struct ldb_context *ldb,
 	struct ldb_result *res;
 	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
 
+	if (tmp_ctx == NULL) {
+		return ldb_oom(ldb);
+	}
+
 	res = talloc_zero(tmp_ctx, struct ldb_result);
 	if (!res) {
 		talloc_free(tmp_ctx);
@@ -5388,6 +5427,10 @@ int dsdb_search_by_dn_guid(struct ldb_context *ldb,
 	struct ldb_dn *dn;
 	int ret;
 
+	if (tmp_ctx == NULL) {
+		return ldb_oom(ldb);
+	}
+
 	dn = ldb_dn_new_fmt(tmp_ctx, ldb, "<GUID=%s>", GUID_string(tmp_ctx, guid));
 	if (dn == NULL) {
 		talloc_free(tmp_ctx);
@@ -5421,6 +5464,10 @@ int dsdb_search(struct ldb_context *ldb,
 	/* cross-partitions searches with a basedn break multi-domain support */
 	SMB_ASSERT(basedn == NULL || (dsdb_flags & DSDB_SEARCH_SEARCH_ALL_PARTITIONS) == 0);
 
+	if (tmp_ctx == NULL) {
+		return ldb_oom(ldb);
+	}
+
 	res = talloc_zero(tmp_ctx, struct ldb_result);
 	if (!res) {
 		talloc_free(tmp_ctx);
@@ -5538,6 +5585,10 @@ int dsdb_search_one(struct ldb_context *ldb,
 	char *expression = NULL;
 	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
 
+	if (tmp_ctx == NULL) {
+		return ldb_oom(ldb);
+	}
+
 	dsdb_flags |= DSDB_SEARCH_ONE_ONLY;
 
 	res = talloc_zero(tmp_ctx, struct ldb_result);
@@ -5640,6 +5691,10 @@ int dsdb_validate_dsa_guid(struct ldb_context *ldb,
 	struct dom_sid sid2;
 	NTSTATUS status;
 
+	if (tmp_ctx == NULL) {
+		return ldb_oom(ldb);
+	}
+
 	config_dn = ldb_get_config_basedn(ldb);
 
 	ret = dsdb_search_one(ldb, tmp_ctx, &msg, config_dn, LDB_SCOPE_SUBTREE,
@@ -5969,6 +6024,10 @@ int dsdb_create_partial_replica_NC(struct ldb_context *ldb,  struct ldb_dn *dn)
 	struct ldb_message *msg;
 	int ret;
 
+	if (tmp_ctx == NULL) {
+		return ldb_oom(ldb);
+	}
+
 	msg = ldb_msg_new(tmp_ctx);
 	if (msg == NULL) {
 		talloc_free(tmp_ctx);
@@ -6483,6 +6542,9 @@ bool dsdb_objects_have_same_nc(struct ldb_context *ldb,
 	bool same_nc = true;
 
 	tmp_ctx = talloc_new(mem_ctx);
+	if (tmp_ctx == NULL) {
+		return ldb_oom(ldb);
+	}
 
 	ret = dsdb_find_nc_root(ldb, tmp_ctx, source_dn, &source_nc);
 	/* fix clang warning */
@@ -6640,6 +6702,9 @@ int PRINTF_ATTRIBUTE(6, 7) dsdb_domain_count(
 
 	*count = 0;
 	tmp_ctx = talloc_new(ldb);
+	if (tmp_ctx == NULL) {
+		return ldb_oom(ldb);
+	}
 
 	context = talloc_zero(tmp_ctx, struct dsdb_count_domain_context);
 	if (context == NULL) {
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index bbf5a89dd16..7734cca0832 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -787,11 +787,13 @@ static int setup_kerberos_keys(struct setup_password_fields_io *io)
 	salt.data	= talloc_strndup(io->ac,
 					 (char *)salt_data.data,
 					 salt_data.length);
-	io->g.salt      = salt.data;
-	salt.length	= strlen(io->g.salt);
-
 	smb_krb5_free_data_contents(io->smb_krb5_context->krb5_context,
 				    &salt_data);
+	if (salt.data == NULL) {
+		return ldb_oom(ldb);
+	}
+	io->g.salt      = salt.data;
+	salt.length	= strlen(io->g.salt);
 
 	/*
 	 * create ENCTYPE_AES256_CTS_HMAC_SHA1_96 key out of
@@ -1619,6 +1621,10 @@ static int setup_primary_userPassword_hash(
 		return LDB_ERR_OPERATIONS_ERROR;
 	}
 	hash_value->scheme = talloc_strdup(ctx, CRYPT);
+	if (hash_value->scheme == NULL) {
+		TALLOC_FREE(frame);
+		return ldb_oom(ldb);
+	}
 	hash_value->scheme_len = strlen(CRYPT) + 1;
 
 	/* generate the id/salt parameter used by crypt */
@@ -1628,8 +1634,16 @@ static int setup_primary_userPassword_hash(
 				      algorithm,
 				      rounds,
 				      salt);
+		if (cmd == NULL) {
+			TALLOC_FREE(frame);
+			return ldb_oom(ldb);
+		}
 	} else {
 		cmd = talloc_asprintf(frame, "$%d$%s", algorithm, salt);
+		if (cmd == NULL) {
+			TALLOC_FREE(frame);
+			return ldb_oom(ldb);
+		}
 	}
 
 	/*
@@ -3784,6 +3798,9 @@ static int setup_io(struct ph_context *ac,
 		}
 
 		io->n.nt_hash = talloc(io->ac, struct samr_Password);
+		if (io->n.nt_hash == NULL) {
+			return ldb_oom(ldb);
+		}
 		memcpy(io->n.nt_hash->hash, quoted_utf16->data,
 		       MIN(quoted_utf16->length, sizeof(io->n.nt_hash->hash)));
 	}
@@ -3833,6 +3850,9 @@ static int setup_io(struct ph_context *ac,
 		}
 
 		io->og.nt_hash = talloc(io->ac, struct samr_Password);
+		if (io->og.nt_hash == NULL) {
+			return ldb_oom(ldb);
+		}
 		memcpy(io->og.nt_hash->hash, old_quoted_utf16->data,
 		       MIN(old_quoted_utf16->length, sizeof(io->og.nt_hash->hash)));
 	}