summaryrefslogtreecommitdiff
path: root/source3/libads
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2006-02-21 03:08:42 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:10:16 -0500
commit115996503ced64c478ed1cc857bd5a1528644b46 (patch)
treed0874a47a658c1a3d99c895a24ef7d10d4b02d22 /source3/libads
parent4ea92f30985466489a3b3faf5a1c90667175aad6 (diff)
downloadsamba-115996503ced64c478ed1cc857bd5a1528644b46.tar.gz
samba-115996503ced64c478ed1cc857bd5a1528644b46.tar.bz2
samba-115996503ced64c478ed1cc857bd5a1528644b46.zip
r13585: Sorry Gunther, had to revert this. It's got a buffer
overrun. Spoke to Jerry about the correct fix. Will add this after. Jeremy. (This used to be commit 33e13aabd3825c59d15dc897536e2ccf8c8f6d5e)
Diffstat (limited to 'source3/libads')
-rw-r--r--source3/libads/authdata.c14
1 files changed, 11 insertions, 3 deletions
diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index bb4236c4fc..55e736ce6a 100644
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -42,7 +42,16 @@ static BOOL pac_io_logon_name(const char *desc, PAC_LOGON_NAME *logon_name,
if (!prs_uint16("len", ps, depth, &logon_name->len))
return False;
- if (!prs_string_len("name", ps, depth, logon_name->username, logon_name->len))
+ if (UNMARSHALLING(ps) && logon_name->len) {
+ logon_name->username = PRS_ALLOC_MEM(ps, uint16, logon_name->len);
+ if (!logon_name->username) {
+ DEBUG(3, ("No memory available\n"));
+ return False;
+ }
+ }
+
+ if (!prs_uint16s(True, "name", ps, depth, logon_name->username,
+ (logon_name->len / sizeof(uint16))))
return False;
return True;
@@ -882,8 +891,7 @@ static void dump_pac_logon_info(PAC_LOGON_INFO *logon_info) {
nt_status = NT_STATUS_INVALID_PARAMETER;
goto out;
}
-
- rpcstr_pull(username, logon_name->username, sizeof(username), logon_name->len, 0);
+ rpcstr_pull(username, logon_name->username, sizeof(username), -1, STR_TERMINATE);
ret = smb_krb5_parse_name_norealm(context, username, &client_principal_pac);
if (ret) {