diff options
author | Volker Lendecke <vlendec@samba.org> | 2004-05-07 08:42:13 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:51:28 -0500 |
commit | 9259481d8626c542eaa3f87b17e346d8ad85e994 (patch) | |
tree | e270f50456d5ee54e0da78c5478d251b408b93d2 | |
parent | 5254c9b6b492792fde6ae294d3d0be3fd3bb0f0f (diff) | |
download | samba-9259481d8626c542eaa3f87b17e346d8ad85e994.tar.gz samba-9259481d8626c542eaa3f87b17e346d8ad85e994.tar.bz2 samba-9259481d8626c542eaa3f87b17e346d8ad85e994.zip |
r545: Handing a NULL blob to base64_encode_data_blob leads to an invalid write of a
0 in base64_encode_data_blob. I don't know what the base64 encoding of a NULL
string is, so fix the problematic caller I found. The real fix should go into
base64_encode_data_blob.
Volker
(This used to be commit 55fd1e490efbe91c391c27101166284034cd32ef)
-rw-r--r-- | source3/rpc_server/srv_samr_util.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/source3/rpc_server/srv_samr_util.c b/source3/rpc_server/srv_samr_util.c index dd92e0d90a..417a712036 100644 --- a/source3/rpc_server/srv_samr_util.c +++ b/source3/rpc_server/srv_samr_util.c @@ -52,7 +52,8 @@ void copy_id20_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_20 *from) old_string = pdb_get_munged_dial(to); mung.length = from->hdr_munged_dial.uni_str_len; mung.data = (uint8 *) from->uni_munged_dial.buffer; - new_string = base64_encode_data_blob(mung); + new_string = (mung.length == 0) ? + NULL : base64_encode_data_blob(mung); DEBUG(10,("INFO_20 UNI_MUNGED_DIAL: %s -> %s\n",old_string, new_string)); if (STRING_CHANGED_NC(old_string,new_string)) pdb_set_munged_dial(to , new_string, PDB_CHANGED); @@ -210,7 +211,8 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from) old_string = pdb_get_munged_dial(to); mung.length = from->hdr_munged_dial.uni_str_len; mung.data = (uint8 *) from->uni_munged_dial.buffer; - newstr = base64_encode_data_blob(mung); + newstr = (mung.length == 0) ? + NULL : base64_encode_data_blob(mung); DEBUG(10,("INFO_21 UNI_MUNGED_DIAL: %s -> %s\n",old_string, newstr)); if (STRING_CHANGED_NC(old_string,newstr)) pdb_set_munged_dial(to , newstr, PDB_CHANGED); @@ -439,7 +441,8 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_23 *from) old_string = pdb_get_munged_dial(to); mung.length = from->hdr_munged_dial.uni_str_len; mung.data = (uint8 *) from->uni_munged_dial.buffer; - newstr = base64_encode_data_blob(mung); + newstr = (mung.length == 0) ? + NULL : base64_encode_data_blob(mung); DEBUG(10,("INFO_23 UNI_MUNGED_DIAL: %s -> %s\n",old_string, newstr)); if (STRING_CHANGED_NC(old_string, newstr)) pdb_set_munged_dial(to , newstr, PDB_CHANGED); |