diff options
| author | Jeremy Allison <jra@samba.org> | 2011-04-18 14:32:11 -0700 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2011-04-19 00:17:08 +0200 |
| commit | bde2bcc8efd735d08b55ac3083d7b0f6490100d0 (patch) | |
| tree | e7a58e0dafdb254e6748efaf78d0535d34a0cf14 /source3/rpc_client/cli_samr.c | |
| parent | c2a62e854632dcae69a5ae911b6ab11e272d0a81 (diff) | |
| download | samba-bde2bcc8efd735d08b55ac3083d7b0f6490100d0.tar.gz samba-bde2bcc8efd735d08b55ac3083d7b0f6490100d0.tar.bz2 samba-bde2bcc8efd735d08b55ac3083d7b0f6490100d0.zip | |
Fix bug 8088 - rpccli_samr_chng_pswd_auth_crap segfaults if any input blobs are null.
Correct fix - ensure we have enough length, and correctly null out
passed in structs if not.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Apr 19 00:17:08 CEST 2011 on sn-devel-104
Diffstat (limited to 'source3/rpc_client/cli_samr.c')
| -rw-r--r-- | source3/rpc_client/cli_samr.c | 21 |
1 files changed, 9 insertions, 12 deletions
diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c index 5baf3e6315..e2bf08de4a 100644 --- a/source3/rpc_client/cli_samr.c +++ b/source3/rpc_client/cli_samr.c @@ -217,31 +217,28 @@ NTSTATUS dcerpc_samr_chng_pswd_auth_crap(struct dcerpc_binding_handle *h, DEBUG(10,("rpccli_samr_chng_pswd_auth_crap\n")); + ZERO_STRUCT(new_nt_password); + ZERO_STRUCT(new_lm_password); + ZERO_STRUCT(old_nt_hash_enc); + ZERO_STRUCT(old_lm_hash_enc); + init_lsa_String(&server, srv_name_slash); init_lsa_String(&account, username); - if (new_nt_password_blob.length > 0) { + if (new_nt_password_blob.data && new_nt_password_blob.length >= 516) { memcpy(&new_nt_password.data, new_nt_password_blob.data, 516); - } else { - ZERO_STRUCT(new_nt_password_blob); } - if (new_lm_password_blob.length > 0) { + if (new_lm_password_blob.data && new_lm_password_blob.length >= 516) { memcpy(&new_lm_password.data, new_lm_password_blob.data, 516); - } else { - ZERO_STRUCT(new_lm_password); } - if (old_nt_hash_enc_blob.length > 0) { + if (old_nt_hash_enc_blob.data && old_nt_hash_enc_blob.length >= 16) { memcpy(&old_nt_hash_enc.hash, old_nt_hash_enc_blob.data, 16); - } else { - ZERO_STRUCT(old_nt_hash_enc); } - if (old_lm_hash_enc_blob.length > 0) { + if (old_lm_hash_enc_blob.data && old_lm_hash_enc_blob.length >= 16) { memcpy(&old_lm_hash_enc.hash, old_lm_hash_enc_blob.data, 16); - } else { - ZERO_STRUCT(old_lm_hash_enc); } status = dcerpc_samr_ChangePasswordUser2(h, |