From: Anoop C S <anoopcs@samba.org>
Date: Tue, 19 May 2026 10:31:55 +0000 (+0530)
Subject: source4/dsdb: Fix NULL dereference in log_membership_changes()
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=2a265841369d04d19dff5b280ce14526f534dcce;p=thirdparty%2Fsamba.git

source4/dsdb: Fix NULL dereference in log_membership_changes()

When get_parsed_dns() fails due to OOM, it returns NULL. Without
checking for NULL before the comparison loop, old_val and new_val
are dereferenced causing a NULL pointer dereference.

Add explicit NULL guards after both get_parsed_dns() calls and return
early if either fails when the corresponding element has values.

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
---

diff --git a/source4/dsdb/samdb/ldb_modules/group_audit.c b/source4/dsdb/samdb/ldb_modules/group_audit.c
index 70e76528a7d..54ecea38670 100644
--- a/source4/dsdb/samdb/ldb_modules/group_audit.c
+++ b/source4/dsdb/samdb/ldb_modules/group_audit.c
@@ -702,6 +702,18 @@ static void log_membership_changes(struct ldb_module *module,
 
 	old_values = get_parsed_dns(ctx, old_el);
 	new_values = get_parsed_dns(ctx, el);
+
+	if (old_num_values > 0 && old_values == NULL) {
+		DBG_ERR("Failed to parse old member DNs, skipping audit\n");
+		TALLOC_FREE(ctx);
+		return;
+	}
+	if (new_num_values > 0 && new_values == NULL) {
+		DBG_ERR("Failed to parse new member DNs, skipping audit\n");
+		TALLOC_FREE(ctx);
+		return;
+	}
+
 	ldb = ldb_module_get_ctx(module);
 
 	old_i = 0;