summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2006-12-23 00:17:15 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:16:41 -0500
commitad325a7905ada39d2fa6093880113dc834b56a43 (patch)
tree5f4980ca96cdaf1afdf2c5aabc4f18d75f4c5870
parent698877885047db370429ac7311e118512145334b (diff)
downloadsamba-ad325a7905ada39d2fa6093880113dc834b56a43.tar.gz
samba-ad325a7905ada39d2fa6093880113dc834b56a43.tar.bz2
samba-ad325a7905ada39d2fa6093880113dc834b56a43.zip
r20329: Fix a winbindd crash bug. If someone pulls
the network cable out of the machine *exactly* after the init_dc_connect() call in cm_connect_sam() or cm_connect_lsa() call succeeded but before any of the other calls fail, and they have debug level 10 set in the log, then we'd crash due to dereferencing a now NULL pointer (conn->cli gets set to NULL when the init_dc_connect() call called from cm_get_schannel_dcinfo() fails). Yes, before you ask this *did* happen on a customer site :-). Jeremy. (This used to be commit a0278a0cb062500ba97e237d02f55855b68719ec)
-rw-r--r--source3/nsswitch/winbindd_cm.c12
1 files changed, 7 insertions, 5 deletions
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index b2474c4664..f743d7a555 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -1623,7 +1623,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
struct rpc_pipe_client **cli, POLICY_HND *sam_handle)
{
struct winbindd_cm_conn *conn;
- NTSTATUS result;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
fstring conn_pwd;
struct dcinfo *p_dcinfo;
@@ -1693,8 +1693,9 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
/* Fall back to schannel if it's a W2K pre-SP1 box. */
if (!cm_get_schannel_dcinfo(domain, &p_dcinfo)) {
+ /* If this call fails - conn->cli can now be NULL ! */
DEBUG(10, ("cm_connect_sam: Could not get schannel auth info "
- "for domain %s, trying anon\n", conn->cli->domain));
+ "for domain %s, trying anon\n", domain->name));
goto anonymous;
}
conn->samr_pipe = cli_rpc_pipe_open_schannel_with_key
@@ -1766,7 +1767,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
struct rpc_pipe_client **cli, POLICY_HND *lsa_policy)
{
struct winbindd_cm_conn *conn;
- NTSTATUS result;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
fstring conn_pwd;
struct dcinfo *p_dcinfo;
@@ -1825,8 +1826,9 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
/* Fall back to schannel if it's a W2K pre-SP1 box. */
if (!cm_get_schannel_dcinfo(domain, &p_dcinfo)) {
+ /* If this call fails - conn->cli can now be NULL ! */
DEBUG(10, ("cm_connect_lsa: Could not get schannel auth info "
- "for domain %s, trying anon\n", conn->cli->domain));
+ "for domain %s, trying anon\n", domain->name));
goto anonymous;
}
conn->lsa_pipe = cli_rpc_pipe_open_schannel_with_key
@@ -1869,7 +1871,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
done:
if (!NT_STATUS_IS_OK(result)) {
invalidate_cm_connection(conn);
- return NT_STATUS_UNSUCCESSFUL;
+ return result;
}
*cli = conn->lsa_pipe;