From: Andrew Walker <awalker@ixsystems.com>
Date: Wed, 26 May 2021 13:04:07 +0000 (-0400)
Subject: s3:param:py_param - allocate buffer for nt_name and comment
X-Git-Tag: tevent-0.11.0~735
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e9a804c9bdbcc68263857d8abb366fa08a820bb8;p=thirdparty%2Fsamba.git

s3:param:py_param - allocate buffer for nt_name and comment

nt_name and comment are allocated via talloc_strdup(). Length
is not guaranteed to be sizeof(fstring) and so rather than use
fstrcpy into a possibly NULL buffer, free original string, then
talloc_strdup() the one provided to us.

Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 27 22:07:45 UTC 2021 on sn-devel-184
---

diff --git a/source3/passdb/py_passdb.c b/source3/passdb/py_passdb.c
index 8988959bfc7..f6fd50215f2 100644
--- a/source3/passdb/py_passdb.c
+++ b/source3/passdb/py_passdb.c
@@ -1359,12 +1359,19 @@ static int py_groupmap_set_nt_name(PyObject *obj, PyObject *value, void *closure
 	GROUP_MAP *group_map = (GROUP_MAP *)pytalloc_get_ptr(obj);
 
 	PY_CHECK_TYPE(&PyUnicode_Type, value, return -1;);
+	if (group_map->nt_name != NULL) {
+		TALLOC_FREE(group_map->nt_name);
+	}
 	if (value == Py_None) {
-		fstrcpy(group_map->nt_name, NULL);
+		group_map->nt_name = talloc_strdup(group_map, "");
 	} else {
-		fstrcpy(group_map->nt_name, PyUnicode_AsUTF8(value));
+		group_map->nt_name = talloc_strdup(group_map,
+						   PyUnicode_AsUTF8(value));
+	}
+	TALLOC_FREE(frame);
+	if (group_map->nt_name == NULL) {
+		return -1;
 	}
-	talloc_free(frame);
 	return 0;
 }
 
@@ -1389,12 +1396,19 @@ static int py_groupmap_set_comment(PyObject *obj, PyObject *value, void *closure
 	GROUP_MAP *group_map = (GROUP_MAP *)pytalloc_get_ptr(obj);
 
 	PY_CHECK_TYPE(&PyUnicode_Type, value, return -1;);
+	if (group_map->comment != NULL) {
+		TALLOC_FREE(group_map->comment);
+	}
 	if (value == Py_None) {
-		fstrcpy(group_map->comment, NULL);
+		group_map->comment = talloc_strdup(group_map, "");
 	} else {
-		fstrcpy(group_map->comment, PyUnicode_AsUTF8(value));
+		group_map->comment = talloc_strdup(group_map,
+						   PyUnicode_AsUTF8(value));
+	}
+	TALLOC_FREE(frame);
+	if (group_map->comment == NULL) {
+		return -1;
 	}
-	talloc_free(frame);
 	return 0;
 }