summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2005-01-02 23:31:12 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:08:12 -0500
commit4db9496bb41e4c05d0c1178b56b4da4e4d486697 (patch)
tree4f85789a92d73ed61cd1df0d1a8d9006ffcb9afb
parentfc275d9889b730ed0b757674abdd0d8245c81dfc (diff)
downloadsamba-4db9496bb41e4c05d0c1178b56b4da4e4d486697.tar.gz
samba-4db9496bb41e4c05d0c1178b56b4da4e4d486697.tar.bz2
samba-4db9496bb41e4c05d0c1178b56b4da4e4d486697.zip
r4490: when implementing one rpc server call in terms of another call, you
must zero r.out before making the 2nd call if the 2nd call has any non-ref out parameters. This is needed for the case where the 2nd call fails, and the 1st call would then fill in its out fields based on uninitialised memory. (This used to be commit 202470326dcfaa5d36aaaf6be47eec40fed50402)
-rw-r--r--source4/rpc_server/samr/dcesrv_samr.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 3650c904a3..92de6fe402 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -3306,6 +3306,7 @@ static NTSTATUS samr_QueryUserInfo2(struct dcesrv_call_state *dce_call, TALLOC_C
struct samr_QueryUserInfo r1;
NTSTATUS status;
+ ZERO_STRUCT(r1.out);
r1.in.user_handle = r->in.user_handle;
r1.in.level = r->in.level;
@@ -3321,7 +3322,7 @@ static NTSTATUS samr_QueryUserInfo2(struct dcesrv_call_state *dce_call, TALLOC_C
samr_QueryDisplayInfo2
*/
static NTSTATUS samr_QueryDisplayInfo2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct samr_QueryDisplayInfo2 *r)
+ struct samr_QueryDisplayInfo2 *r)
{
struct samr_QueryDisplayInfo q;
NTSTATUS result;
@@ -3331,6 +3332,7 @@ static NTSTATUS samr_QueryDisplayInfo2(struct dcesrv_call_state *dce_call, TALLO
q.in.start_idx = r->in.start_idx;
q.in.max_entries = r->in.max_entries;
q.in.buf_size = r->in.buf_size;
+ ZERO_STRUCT(q.out);
result = samr_QueryDisplayInfo(dce_call, mem_ctx, &q);