aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--source3/passdb/machine_account_secrets.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/source3/passdb/machine_account_secrets.c b/source3/passdb/machine_account_secrets.c
index a96bf1c0b6a..d8ffcaa7fb6 100644
--- a/source3/passdb/machine_account_secrets.c
+++ b/source3/passdb/machine_account_secrets.c
@@ -114,6 +114,7 @@ bool secrets_store_domain_sid(const char *domain, const struct dom_sid *sid)
{
char *protect_ids;
bool ret;
+ struct dom_sid clean_sid = { 0 };
protect_ids = secrets_fetch(protect_ids_keystr(domain), NULL);
if (protect_ids) {
@@ -126,7 +127,15 @@ bool secrets_store_domain_sid(const char *domain, const struct dom_sid *sid)
}
SAFE_FREE(protect_ids);
- ret = secrets_store(domain_sid_keystr(domain), sid, sizeof(struct dom_sid ));
+ /*
+ * use a copy to prevent uninitialized memory from being carried over
+ * to the tdb
+ */
+ sid_copy(&clean_sid, sid);
+
+ ret = secrets_store(domain_sid_keystr(domain),
+ &clean_sid,
+ sizeof(struct dom_sid));
/* Force a re-query, in the case where we modified our domain */
if (ret) {