summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthias Dieter Wallnöfer <mwallnoefer@yahoo.de>2009-08-19 11:58:42 +0200
committerMatthias Dieter Wallnöfer <mwallnoefer@yahoo.de>2009-09-06 12:20:21 +0200
commit6677eea3b1d2c352fda6d8de5f8a41e8a313156a (patch)
tree7070df31f54fe29feff0bb93e8b95801cc73fd0e
parent43cfa69945c121b6929512a2ea607b2c3bfe0a74 (diff)
downloadsamba-6677eea3b1d2c352fda6d8de5f8a41e8a313156a.tar.gz
samba-6677eea3b1d2c352fda6d8de5f8a41e8a313156a.tar.bz2
samba-6677eea3b1d2c352fda6d8de5f8a41e8a313156a.zip
s4:dsdb/common/util.c - Copy parameters to prevent segfaults
The parameters "lmNewHash" and/or "ntNewHash" could be NULL and when we perform write operations on them (look below in the code) we could get SIGSEGVs!
-rw-r--r--source4/dsdb/common/util.c11
1 files changed, 8 insertions, 3 deletions
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 189cb4ec82..6da02b0b6a 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -1578,8 +1578,8 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
struct ldb_dn *domain_dn,
struct ldb_message *mod,
const DATA_BLOB *new_password,
- struct samr_Password *lmNewHash,
- struct samr_Password *ntNewHash,
+ struct samr_Password *param_lmNewHash,
+ struct samr_Password *param_ntNewHash,
bool user_change,
enum samr_RejectReason *reject_reason,
struct samr_DomInfo1 **_dominfo)
@@ -1596,7 +1596,8 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
int64_t minPwdAge;
uint_t minPwdLength, pwdProperties, pwdHistoryLength;
uint_t userAccountControl;
- struct samr_Password *sambaLMPwdHistory, *sambaNTPwdHistory, *lmPwdHash, *ntPwdHash;
+ struct samr_Password *sambaLMPwdHistory, *sambaNTPwdHistory,
+ *lmPwdHash, *ntPwdHash, *lmNewHash, *ntNewHash;
struct samr_Password local_lmNewHash, local_ntNewHash;
int sambaLMPwdHistory_len, sambaNTPwdHistory_len;
struct dom_sid *domain_sid;
@@ -1624,6 +1625,10 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx,
ntPwdHash = samdb_result_hash(mem_ctx, res[0], "unicodePwd");
pwdLastSet = samdb_result_uint64(res[0], "pwdLastSet", 0);
+ /* Copy parameters */
+ lmNewHash = param_lmNewHash;
+ ntNewHash = param_ntNewHash;
+
/* Only non-trust accounts have restrictions (possibly this
* test is the wrong way around, but I like to be restrictive
* if possible */