author | Jeremy Allison <jra@samba.org> | 2006-03-10 18:32:18 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:15:15 -0500 |
commit | 5f224c2c265faa50e5495cc738f1a62c6aa70d56 (patch) | |
tree | 9004681145c263d06fca6b9b7bbb18c564d861f7 | |
parent | 47a11f8a4c6156965163fd89bef668cd6612b70c (diff) | |
r14170: Paranoia fix for sesssetup.
Fix Coverity bug #26. Guard against NULL ref.
Jeremy.
(This used to be commit c0f906ac8de850f4566b6b3be4e3c7d245e6e252)
-rw-r--r-- | source3/libads/krb5_setpw.c | 26 | ||||
-rw-r--r-- | source3/smbd/sesssetup.c | 5 |
2 files changed, 22 insertions, 9 deletions
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c index 6ffd218e96..42ca36f344 100644 --- a/source3/libads/krb5_setpw.c +++ b/source3/libads/krb5_setpw.c @@ -65,19 +65,22 @@ static DATA_BLOB encode_krb5_setpw(const char *principal, const char *password) princ = SMB_STRDUP(principal); if ((c = strchr_m(princ, '/')) == NULL) { - c = princ; + c = princ; } else { - *c = '\0'; - c++; - princ_part1 = princ; + *c = '\0'; + c++; + princ_part1 = princ; } princ_part2 = c; if ((c = strchr_m(c, '@')) != NULL) { - *c = '\0'; - c++; - realm = c; + *c = '\0'; + c++; + realm = c; + } else { + /* We must have a realm component. */ + return data_blob(NULL, 0); } memset(&req, 0, sizeof(req)); @@ -97,8 +100,9 @@ static DATA_BLOB encode_krb5_setpw(const char *principal, const char *password) asn1_push_tag(&req, ASN1_CONTEXT(1)); asn1_push_tag(&req, ASN1_SEQUENCE(0)); - if (princ_part1) - asn1_write_GeneralString(&req, princ_part1); + if (princ_part1) { + asn1_write_GeneralString(&req, princ_part1); + } asn1_write_GeneralString(&req, princ_part2); asn1_pop_tag(&req); @@ -151,6 +155,10 @@ static krb5_error_code build_kpasswd_request(uint16 pversion, else return EINVAL; + if (setpw.data == NULL || setpw.length == 0) { + return EINVAL; + } + encoded_setpw.data = (char *)setpw.data; encoded_setpw.length = setpw.length; diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index d32ff9fa14..fcb778d1fe 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -1079,6 +1079,11 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf, return ERROR_NT(nt_status_squash(nt_status)); } + /* Ensure we can't possible take a code path leading to a null defref. */ + if (!server_info) { + return ERROR_NT(NT_STATUS_LOGON_FAILURE); + } + nt_status = create_local_token(server_info); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(10, ("create_local_token failed: %s\n", |
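Review bot: In the first hunk of krb5_setpw.c, the new `else` branch returns `data_blob(NULL, 0)` without releasing `princ`, which was allocated by `SMB_STRDUP(principal)` a few lines earlier, so every principal without an `@` leaks that copy. Freeing it first would close this, e.g. `free(princ);` directly before `return data_blob(NULL, 0);` (or the project's own free wrapper, if the rest of the function uses one). The same context also passes the `SMB_STRDUP` result to `strchr_m` unchecked, so a `if (princ == NULL) return data_blob(NULL, 0);` guard would fit the intent of this commit. The body of encode_krb5_setpw starts and ends outside the hunk, so the normal-path free cannot be confirmed from here.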
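Review bot: In the sesssetup.c hunk, the added `if (!server_info)` return may skip cleanup that the neighbouring error paths perform. The statements before the earlier `return ERROR_NT(nt_status_squash(nt_status));` and after the `create_local_token` failure are outside the hunk. If those paths free the response blobs or wipe a plaintext password buffer before returning, this branch should repeat the same calls, so credential material is not left in memory on an error that is by definition unexpected. A `DEBUG(0, ...)` line here would also make the "cannot happen" case visible in the logs rather than appearing as an ordinary logon failure. The comment would read better as `/* Ensure we can't possibly take a code path leading to a NULL dereference. */`.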