summaryrefslogtreecommitdiff
path: root/source3/rpc_client/cli_samr.c
diff options
context:
space:
mode:
authorAndreas Schneider <asn@samba.org>2010-07-18 15:04:20 +0200
committerAndreas Schneider <asn@samba.org>2010-07-18 15:09:24 +0200
commit898fd584a4f96ba40c2692550518856671892add (patch)
treec6c61b609a79ccd15ccb3e0dc006607825c0f0a4 /source3/rpc_client/cli_samr.c
parent0d16a591f4053785f419b27b7bc9694ecdd47fd0 (diff)
downloadsamba-898fd584a4f96ba40c2692550518856671892add.tar.gz
samba-898fd584a4f96ba40c2692550518856671892add.tar.bz2
samba-898fd584a4f96ba40c2692550518856671892add.zip
s3-rpc_client: Fixed a segfault in rpccli_samr_chng_pswd_auth_crap().
This fixes the WINBIND-WBCLIENT test. The test set old_lm_hash_enc_blob.length to 0 and we don't check the length here. So the memcpy segfaulted.
Diffstat (limited to 'source3/rpc_client/cli_samr.c')
-rw-r--r--source3/rpc_client/cli_samr.c27
1 files changed, 23 insertions, 4 deletions
diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c
index 8c92ebb059..8c1011293a 100644
--- a/source3/rpc_client/cli_samr.c
+++ b/source3/rpc_client/cli_samr.c
@@ -165,10 +165,29 @@ NTSTATUS rpccli_samr_chng_pswd_auth_crap(struct rpc_pipe_client *cli,
init_lsa_String(&server, cli->srv_name_slash);
init_lsa_String(&account, username);
- memcpy(&new_nt_password.data, new_nt_password_blob.data, 516);
- memcpy(&new_lm_password.data, new_lm_password_blob.data, 516);
- memcpy(&old_nt_hash_enc.hash, old_nt_hash_enc_blob.data, 16);
- memcpy(&old_lm_hash_enc.hash, old_lm_hash_enc_blob.data, 16);
+ if (new_nt_password_blob.length > 0) {
+ memcpy(&new_nt_password.data, new_nt_password_blob.data, 516);
+ } else {
+ ZERO_STRUCT(new_nt_password_blob);
+ }
+
+ if (new_lm_password_blob.length > 0) {
+ memcpy(&new_lm_password.data, new_lm_password_blob.data, 516);
+ } else {
+ ZERO_STRUCT(new_lm_password);
+ }
+
+ if (old_nt_hash_enc_blob.length > 0) {
+ memcpy(&old_nt_hash_enc.hash, old_nt_hash_enc_blob.data, 16);
+ } else {
+ ZERO_STRUCT(old_nt_hash_enc);
+ }
+
+ if (old_lm_hash_enc_blob.length > 0) {
+ memcpy(&old_lm_hash_enc.hash, old_lm_hash_enc_blob.data, 16);
+ } else {
+ ZERO_STRUCT(old_lm_hash_enc);
+ }
result = rpccli_samr_ChangePasswordUser2(cli, mem_ctx,
&server,