From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Thu, 10 Aug 2023 02:46:34 +0000 (+1200)
Subject: s4:kdc: Check result of samdb_result_dom_sid()
X-Git-Tag: tevent-0.16.0~1009
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7cfddcbf3f02c8f2f18c527aba06cacdf6e499b0;p=thirdparty%2Fsamba.git

s4:kdc: Check result of samdb_result_dom_sid()

We must not pass a NULL pointer into dom_sid_split_rid().

While we’re at it, switch to using samdb_result_dom_sid_buf(), which
doesn’t require a heap allocation.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index f3ecfd54b70..d7fe2f54347 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -1059,6 +1059,7 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
 	NTTIME acct_expiry;
 	NTSTATUS status;
 	bool protected_user = false;
+	struct dom_sid sid;
 	uint32_t rid;
 	bool is_krbtgt = false;
 	bool is_rodc = false;
@@ -1259,8 +1260,11 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
 
 	/* The lack of password controls etc applies to krbtgt by
 	 * virtue of being that particular RID */
-	status = dom_sid_split_rid(NULL, samdb_result_dom_sid(mem_ctx, msg, "objectSid"), NULL, &rid);
-
+	ret = samdb_result_dom_sid_buf(msg, "objectSid", &sid);
+	if (ret) {
+		goto out;
+	}
+	status = dom_sid_split_rid(NULL, &sid, NULL, &rid);
 	if (!NT_STATUS_IS_OK(status)) {
 		ret = EINVAL;
 		goto out;