diff options
| -rw-r--r-- | source3/passdb/machine_account_secrets.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/source3/passdb/machine_account_secrets.c b/source3/passdb/machine_account_secrets.c index a96bf1c0b6a..d8ffcaa7fb6 100644 --- a/source3/passdb/machine_account_secrets.c +++ b/source3/passdb/machine_account_secrets.c @@ -114,6 +114,7 @@ bool secrets_store_domain_sid(const char *domain, const struct dom_sid *sid) { char *protect_ids; bool ret; + struct dom_sid clean_sid = { 0 }; protect_ids = secrets_fetch(protect_ids_keystr(domain), NULL); if (protect_ids) { @@ -126,7 +127,15 @@ bool secrets_store_domain_sid(const char *domain, const struct dom_sid *sid) } SAFE_FREE(protect_ids); - ret = secrets_store(domain_sid_keystr(domain), sid, sizeof(struct dom_sid )); + /* + * use a copy to prevent uninitialized memory from being carried over + * to the tdb + */ + sid_copy(&clean_sid, sid); + + ret = secrets_store(domain_sid_keystr(domain), + &clean_sid, + sizeof(struct dom_sid)); /* Force a re-query, in the case where we modified our domain */ if (ret) { |