summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2010-05-28 14:11:53 +0200
committerGünther Deschner <gd@samba.org>2010-05-28 14:30:03 +0200
commit87037006bd27601b620d0d31f72261ba968d9567 (patch)
treee7b6e62b2be2206829cbfde7d9e8b4fc8a15f574
parente5fca6aebf1fdde230be09c0bec718b7a607e056 (diff)
downloadsamba-87037006bd27601b620d0d31f72261ba968d9567.tar.gz
samba-87037006bd27601b620d0d31f72261ba968d9567.tar.bz2
samba-87037006bd27601b620d0d31f72261ba968d9567.zip
s3-samr: Fix crash bug in _samr_QueryUserInfo{2} level 18.
Guenther
-rw-r--r--source3/rpc_server/srv_samr_nt.c17
1 files changed, 13 insertions, 4 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 09b56ed6de..0b8e7a521c 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -2764,6 +2764,8 @@ static NTSTATUS get_user_info_18(pipes_struct *p,
{
struct samu *smbpass=NULL;
bool ret;
+ const uint8_t *nt_pass = NULL;
+ const uint8_t *lm_pass = NULL;
ZERO_STRUCTP(r);
@@ -2798,10 +2800,17 @@ static NTSTATUS get_user_info_18(pipes_struct *p,
return NT_STATUS_ACCOUNT_DISABLED;
}
- r->lm_pwd_active = true;
- r->nt_pwd_active = true;
- memcpy(r->lm_pwd.hash, pdb_get_lanman_passwd(smbpass), 16);
- memcpy(r->nt_pwd.hash, pdb_get_nt_passwd(smbpass), 16);
+ lm_pass = pdb_get_lanman_passwd(smbpass);
+ if (lm_pass != NULL) {
+ memcpy(r->lm_pwd.hash, lm_pass, 16);
+ r->lm_pwd_active = true;
+ }
+
+ nt_pass = pdb_get_nt_passwd(smbpass);
+ if (nt_pass != NULL) {
+ memcpy(r->nt_pwd.hash, nt_pass, 16);
+ r->nt_pwd_active = true;
+ }
r->password_expired = 0; /* FIXME */
TALLOC_FREE(smbpass);