summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2006-03-23 13:22:54 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:15:43 -0500
commitca81529f8ceb75680946c4713723b459f26169b7 (patch)
tree75ab5ded74cb823cbc944cdc38f1003d0fabab7f
parent18909a1dc77f77ab44208b9c8426ac31673194dc (diff)
downloadsamba-ca81529f8ceb75680946c4713723b459f26169b7.tar.gz
samba-ca81529f8ceb75680946c4713723b459f26169b7.tar.bz2
samba-ca81529f8ceb75680946c4713723b459f26169b7.zip
r14675: Protect against null sids and rids in the cached credentials functions.
Guenther (This used to be commit e162253a32119a31dd652b00f942d4c1a16fab83)
-rw-r--r--source3/nsswitch/winbindd_cache.c30
1 files changed, 28 insertions, 2 deletions
diff --git a/source3/nsswitch/winbindd_cache.c b/source3/nsswitch/winbindd_cache.c
index 12592178d9..f96f03290d 100644
--- a/source3/nsswitch/winbindd_cache.c
+++ b/source3/nsswitch/winbindd_cache.c
@@ -800,11 +800,20 @@ NTSTATUS wcache_cached_creds_exist(struct winbindd_domain *domain, const DOM_SID
struct winbind_cache *cache = get_cache(domain);
TDB_DATA data;
fstring key_str;
+ uint32 rid;
if (!cache->tdb) {
return NT_STATUS_INTERNAL_DB_ERROR;
}
+ if (is_null_sid(sid)) {
+ return NT_STATUS_INVALID_SID;
+ }
+
+ if (!(sid_peek_rid(sid, &rid)) || (rid == 0)) {
+ return NT_STATUS_INVALID_SID;
+ }
+
fstr_sprintf(key_str, "CRED/%s", sid_string_static(sid));
data = tdb_fetch(cache->tdb, make_tdb_data(key_str, strlen(key_str)));
@@ -825,11 +834,20 @@ NTSTATUS wcache_get_creds(struct winbindd_domain *domain,
struct cache_entry *centry = NULL;
NTSTATUS status;
time_t t;
+ uint32 rid;
if (!cache->tdb) {
return NT_STATUS_INTERNAL_DB_ERROR;
}
+ if (is_null_sid(sid)) {
+ return NT_STATUS_INVALID_SID;
+ }
+
+ if (!(sid_peek_rid(sid, &rid)) || (rid == 0)) {
+ return NT_STATUS_INVALID_SID;
+ }
+
centry = wcache_fetch(cache, domain, "CRED/%s", sid_string_static(sid));
if (!centry) {
@@ -860,9 +878,17 @@ NTSTATUS wcache_save_creds(struct winbindd_domain *domain,
{
struct cache_entry *centry;
fstring sid_string;
- NTSTATUS status = NT_STATUS_OK; /* ??? */
+ uint32 rid;
- centry = centry_start(domain, status);
+ if (is_null_sid(sid)) {
+ return NT_STATUS_INVALID_SID;
+ }
+
+ if (!(sid_peek_rid(sid, &rid)) || (rid == 0)) {
+ return NT_STATUS_INVALID_SID;
+ }
+
+ centry = centry_start(domain, NT_STATUS_OK);
if (!centry) {
return NT_STATUS_INTERNAL_DB_ERROR;
}