]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
projects / thirdparty / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 42bc525)
source4/dsdb: Fix NULL dereference in log_membership_changes()
authorAnoop C S <anoopcs@samba.org>
Tue, 19 May 2026 10:31:55 +0000 (16:01 +0530)
committerMartin Schwenke <martins@samba.org>
Thu, 21 May 2026 02:21:29 +0000 (02:21 +0000)
When get_parsed_dns() fails due to OOM, it returns NULL. Without
checking for NULL before the comparison loop, old_val and new_val
are dereferenced causing a NULL pointer dereference.

Add explicit NULL guards after both get_parsed_dns() calls and return
early if either fails when the corresponding element has values.

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
source4/dsdb/samdb/ldb_modules/group_audit.c patch | blob | blame | history

diff --git a/source4/dsdb/samdb/ldb_modules/group_audit.c b/source4/dsdb/samdb/ldb_modules/group_audit.c
index 70e76528a7d6e61d91cefda154fba7281bf03943..54ecea386701e5f76e16c4ebf8fd81ef580a5998 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/group_audit.c
+++ b/source4/dsdb/samdb/ldb_modules/group_audit.c
@@ -702,6 +702,18 @@ static void log_membership_changes(struct ldb_module *module,
 
        old_values = get_parsed_dns(ctx, old_el);
        new_values = get_parsed_dns(ctx, el);
+
+       if (old_num_values > 0 && old_values == NULL) {
+               DBG_ERR("Failed to parse old member DNs, skipping audit\n");
+               TALLOC_FREE(ctx);
+               return;
+       }
+       if (new_num_values > 0 && new_values == NULL) {
+               DBG_ERR("Failed to parse new member DNs, skipping audit\n");
+               TALLOC_FREE(ctx);
+               return;
+       }
+
        ldb = ldb_module_get_ctx(module);
 
        old_i = 0;
Mirror of https://github.com/samba-team/samba.git