Do not pass emtpy wkssvc_PasswordBuffers to rpc functions.

Guenther
(This used to be commit fe75e5ccdfc2609380367e59215637b0de1ef241)

2 files changed, 18 insertions, 14 deletions

diff --git a/source3/lib/netapi/joindomain.c b/source3/lib/netapi/joindomain.c
index 0d4452e1df..c7849c952f 100644
--- a/source3/lib/netapi/joindomain.c
+++ b/source3/lib/netapi/joindomain.c
@@ -90,13 +90,11 @@ static WERROR NetJoinDomainRemote(struct libnetapi_ctx *ctx,
 {
 	struct cli_state *cli = NULL;
 	struct rpc_pipe_client *pipe_cli = NULL;
-	struct wkssvc_PasswordBuffer encrypted_password;
+	struct wkssvc_PasswordBuffer *encrypted_password = NULL;
 	NTSTATUS status;
 	WERROR werr;
 	unsigned int old_timeout = 0;
 
-	ZERO_STRUCT(encrypted_password);
-
 	status = cli_full_connection(&cli, NULL, server_name,
 				     NULL, 0,
 				     "IPC$", "IPC",
@@ -129,7 +127,7 @@ static WERROR NetJoinDomainRemote(struct libnetapi_ctx *ctx,
 	status = rpccli_wkssvc_NetrJoinDomain2(pipe_cli, ctx,
 					       server_name, domain_name,
 					       account_ou, Account,
-					       &encrypted_password,
+					       encrypted_password,
 					       join_flags, &werr);
 	if (!NT_STATUS_IS_OK(status)) {
 		werr = ntstatus_to_werror(status);
@@ -277,13 +275,11 @@ static WERROR NetUnjoinDomainRemote(struct libnetapi_ctx *ctx,
 {
 	struct cli_state *cli = NULL;
 	struct rpc_pipe_client *pipe_cli = NULL;
-	struct wkssvc_PasswordBuffer encrypted_password;
+	struct wkssvc_PasswordBuffer *encrypted_password = NULL;
 	NTSTATUS status;
 	WERROR werr;
 	unsigned int old_timeout = 0;
 
-	ZERO_STRUCT(encrypted_password);
-
 	status = cli_full_connection(&cli, NULL, server_name,
 				     NULL, 0,
 				     "IPC$", "IPC",
@@ -316,7 +312,7 @@ static WERROR NetUnjoinDomainRemote(struct libnetapi_ctx *ctx,
 	status = rpccli_wkssvc_NetrUnjoinDomain2(pipe_cli, ctx,
 						 server_name,
 						 account,
-						 &encrypted_password,
+						 encrypted_password,
 						 unjoin_flags,
 						 &werr);
 	if (!NT_STATUS_IS_OK(status)) {
diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index 9e37d1d6cf..d7f6f604f7 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -704,16 +704,22 @@ char *decrypt_trustdom_secret(const char *pass, DATA_BLOB *data_in)
 void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
 					const char *pwd,
 					DATA_BLOB *session_key,
-					struct wkssvc_PasswordBuffer *pwd_buf)
+					struct wkssvc_PasswordBuffer **pwd_buf)
 {
 	uint8_t buffer[516];
 	struct MD5Context ctx;
-
-	DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
-
+	struct wkssvc_PasswordBuffer *my_pwd_buf = NULL;
+	DATA_BLOB confounded_session_key;
 	int confounder_len = 8;
 	uint8_t confounder[8];
 
+	my_pwd_buf = talloc_zero(mem_ctx, struct wkssvc_PasswordBuffer);
+	if (!my_pwd_buf) {
+		return;
+	}
+
+	confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
+
 	encode_pw_buffer(buffer, pwd, STR_UNICODE);
 
 	generate_random_buffer((uint8_t *)confounder, confounder_len);
@@ -725,10 +731,12 @@ void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
 
 	SamOEMhashBlob(buffer, 516, &confounded_session_key);
 
-	memcpy(&pwd_buf->data[0], confounder, confounder_len);
-	memcpy(&pwd_buf->data[8], buffer, 516);
+	memcpy(&my_pwd_buf->data[0], confounder, confounder_len);
+	memcpy(&my_pwd_buf->data[8], buffer, 516);
 
 	data_blob_free(&confounded_session_key);
+
+	*pwd_buf = my_pwd_buf;
 }
 
 WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,