summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVolker Lendecke <vlendec@samba.org>2004-05-07 08:42:13 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:51:28 -0500
commit9259481d8626c542eaa3f87b17e346d8ad85e994 (patch)
treee270f50456d5ee54e0da78c5478d251b408b93d2
parent5254c9b6b492792fde6ae294d3d0be3fd3bb0f0f (diff)
downloadsamba-9259481d8626c542eaa3f87b17e346d8ad85e994.tar.gz
samba-9259481d8626c542eaa3f87b17e346d8ad85e994.tar.bz2
samba-9259481d8626c542eaa3f87b17e346d8ad85e994.zip
r545: Handing a NULL blob to base64_encode_data_blob leads to an invalid write of a
0 in base64_encode_data_blob. I don't know what the base64 encoding of a NULL string is, so fix the problematic caller I found. The real fix should go into base64_encode_data_blob. Volker (This used to be commit 55fd1e490efbe91c391c27101166284034cd32ef)
-rw-r--r--source3/rpc_server/srv_samr_util.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/source3/rpc_server/srv_samr_util.c b/source3/rpc_server/srv_samr_util.c
index dd92e0d90a..417a712036 100644
--- a/source3/rpc_server/srv_samr_util.c
+++ b/source3/rpc_server/srv_samr_util.c
@@ -52,7 +52,8 @@ void copy_id20_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_20 *from)
old_string = pdb_get_munged_dial(to);
mung.length = from->hdr_munged_dial.uni_str_len;
mung.data = (uint8 *) from->uni_munged_dial.buffer;
- new_string = base64_encode_data_blob(mung);
+ new_string = (mung.length == 0) ?
+ NULL : base64_encode_data_blob(mung);
DEBUG(10,("INFO_20 UNI_MUNGED_DIAL: %s -> %s\n",old_string, new_string));
if (STRING_CHANGED_NC(old_string,new_string))
pdb_set_munged_dial(to , new_string, PDB_CHANGED);
@@ -210,7 +211,8 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from)
old_string = pdb_get_munged_dial(to);
mung.length = from->hdr_munged_dial.uni_str_len;
mung.data = (uint8 *) from->uni_munged_dial.buffer;
- newstr = base64_encode_data_blob(mung);
+ newstr = (mung.length == 0) ?
+ NULL : base64_encode_data_blob(mung);
DEBUG(10,("INFO_21 UNI_MUNGED_DIAL: %s -> %s\n",old_string, newstr));
if (STRING_CHANGED_NC(old_string,newstr))
pdb_set_munged_dial(to , newstr, PDB_CHANGED);
@@ -439,7 +441,8 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_23 *from)
old_string = pdb_get_munged_dial(to);
mung.length = from->hdr_munged_dial.uni_str_len;
mung.data = (uint8 *) from->uni_munged_dial.buffer;
- newstr = base64_encode_data_blob(mung);
+ newstr = (mung.length == 0) ?
+ NULL : base64_encode_data_blob(mung);
DEBUG(10,("INFO_23 UNI_MUNGED_DIAL: %s -> %s\n",old_string, newstr));
if (STRING_CHANGED_NC(old_string, newstr))
pdb_set_munged_dial(to , newstr, PDB_CHANGED);