From: Volker Lendecke <vl@samba.org>
Date: Wed, 14 Apr 2021 08:48:04 +0000 (+0200)
Subject: create_local_token: Add error checks
X-Git-Tag: tevent-0.11.0~1089
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1a696c9ae28453bbf40f14c8f0175664a4ddf3b8;p=thirdparty%2Fsamba.git

create_local_token: Add error checks

add_sid_to_array_unique() only fails for ENOMEM, and other parts of
the auth stack would probably crash under ENOMEM anyway. But this is
authorization-related code that should be as clean as possible.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
---

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 5a959bf1da8..f7b37e5be63 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -653,20 +653,35 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
 	 */
 
 	uid_to_unix_users_sid(session_info->unix_token->uid, &tmp_sid);
-	add_sid_to_array_unique(session_info->security_token, &tmp_sid,
-				&session_info->security_token->sids,
-				&session_info->security_token->num_sids);
+	status = add_sid_to_array_unique(
+		session_info->security_token,
+		&tmp_sid,
+		&session_info->security_token->sids,
+		&session_info->security_token->num_sids);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto fail;
+	}
 
 	gid_to_unix_groups_sid(session_info->unix_token->gid, &tmp_sid);
-	add_sid_to_array_unique(session_info->security_token, &tmp_sid,
-				&session_info->security_token->sids,
-				&session_info->security_token->num_sids);
+	status = add_sid_to_array_unique(
+		session_info->security_token,
+		&tmp_sid,
+		&session_info->security_token->sids,
+		&session_info->security_token->num_sids);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto fail;
+	}
 
 	for ( i=0; i<session_info->unix_token->ngroups; i++ ) {
 		gid_to_unix_groups_sid(session_info->unix_token->groups[i], &tmp_sid);
-		add_sid_to_array_unique(session_info->security_token, &tmp_sid,
-					&session_info->security_token->sids,
-					&session_info->security_token->num_sids);
+		status = add_sid_to_array_unique(
+			session_info->security_token,
+			&tmp_sid,
+			&session_info->security_token->sids,
+			&session_info->security_token->num_sids);
+		if (!NT_STATUS_IS_OK(status)) {
+			goto fail;
+		}
 	}
 
 	security_token_debug(DBGC_AUTH, 10, session_info->security_token);