diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2014-05-23 16:06:17 +1200 |
|---|---|---|
| committer | Karolin Seeger <kseeger@samba.org> | 2014-07-15 12:46:15 +0200 |
| commit | f72899ec2bc0ad3f6cd1e3d586235543b51f7cd1 (patch) | |
| tree | 1a68b5d71b7db5f49ec832bf73ba46919e1d3c12 /source4/dsdb/samdb/ldb_modules/repl_meta_data.c | |
| parent | 4730d74e38998aaeadbe13682cc6462c3ceb4766 (diff) | |
| download | samba-f72899ec2bc0ad3f6cd1e3d586235543b51f7cd1.tar.gz | |
dsdb: Do not store a struct ldb_dn in struct schema_data
The issue is that the DN contains a pointer to the ldb it belongs to,
and if this is not kept around long enough, we might reference memory
after it is de-allocated.
Andrew Bartlett
Change-Id: I040a6c37a3164b3309f370e32e598dd56b1a1bbb
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 8327321225251e312ccbd06bbefa5ebf98099f34)
Diffstat (limited to 'source4/dsdb/samdb/ldb_modules/repl_meta_data.c')
| -rw-r--r-- | source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index b01c956d1c..7784c2bd78 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -67,6 +67,7 @@ struct replmd_private { uint64_t mod_usn; uint64_t mod_usn_urgent; } *ncs; + struct ldb_dn *schema_dn; }; struct la_entry { @@ -240,6 +241,8 @@ static int replmd_init(struct ldb_module *module) } ldb_module_set_private(module, replmd_private); + replmd_private->schema_dn = ldb_get_schema_basedn(ldb); + return ldb_next_init(module); } @@ -888,6 +891,8 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req) bool remove_current_guid = false; bool is_urgent = false; struct ldb_message_element *objectclass_el; + struct replmd_private *replmd_private = + talloc_get_type_abort(ldb_module_get_private(module), struct replmd_private); /* check if there's a show relax control (used by provision to say 'I know what I'm doing') */ control = ldb_request_get_control(req, LDB_CONTROL_RELAX_OID); @@ -1179,7 +1184,7 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req) if (control) { control->critical = 0; } - if (ldb_dn_compare_base(ac->schema->base_dn, req->op.add.message->dn) != 0) { + if (ldb_dn_compare_base(replmd_private->schema_dn, req->op.add.message->dn) != 0) { /* Update the usn in the SAMLDB_MSDS_INTID_OPAQUE opaque */ msds_intid_struct = (struct samldb_msds_intid_persistant *) ldb_get_opaque(ldb, SAMLDB_MSDS_INTID_OPAQUE); @@ -2471,6 +2476,8 @@ static int replmd_modify(struct ldb_module *module, struct ldb_request *req) unsigned int functional_level; const DATA_BLOB *guid_blob; struct ldb_control *sd_propagation_control; + struct replmd_private *replmd_private = + talloc_get_type(ldb_module_get_private(module), struct replmd_private); /* do not manipulate our control entries */ if (ldb_dn_is_special(req->op.mod.message->dn)) { @@ -2609,7 +2616,7 @@ static int replmd_modify(struct ldb_module *module, struct ldb_request *req) } } - if (!ldb_dn_compare_base(ac->schema->base_dn, msg->dn)) { + if (!ldb_dn_compare_base(replmd_private->schema_dn, msg->dn)) { /* Update the usn in the SAMLDB_MSDS_INTID_OPAQUE opaque */ msds_intid_struct = (struct samldb_msds_intid_persistant *) ldb_get_opaque(ldb, SAMLDB_MSDS_INTID_OPAQUE); if (msds_intid_struct) { |