diff options
author | Simo Sorce <idra@samba.org> | 2010-09-03 16:27:47 -0400 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2010-09-23 10:54:24 -0700 |
commit | 3453bc7b1108390354c0825ee6b2b0bb28fca2f3 (patch) | |
tree | 06f22ad97f196db708495b459ca5a5a5546bc8b4 /source3/rpc_server/srv_netlog_nt.c | |
parent | 0ec372057308198cd2f1742c4a56868e6dab7213 (diff) | |
download | samba-3453bc7b1108390354c0825ee6b2b0bb28fca2f3.tar.gz samba-3453bc7b1108390354c0825ee6b2b0bb28fca2f3.tar.bz2 samba-3453bc7b1108390354c0825ee6b2b0bb28fca2f3.zip |
s3-dcerpc: make auth context opaque
This way we always double check in advance that the context
is of the right type with talloc_get_type_abort instead of
potentially accessing random memory by addressing the wrong
structure in the union.
Signed-off-by: Günther Deschner <gd@samba.org>
Diffstat (limited to 'source3/rpc_server/srv_netlog_nt.c')
-rw-r--r-- | source3/rpc_server/srv_netlog_nt.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 76da1d00d6..d821b04cdc 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -1426,12 +1426,16 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p, /* Get the pipe session key from the creds. */ memcpy(pipe_session_key, creds->session_key, 16); } else { + struct schannel_state *schannel_auth; /* Get the pipe session key from the schannel. */ if ((p->auth.auth_type != DCERPC_AUTH_TYPE_SCHANNEL) - || (p->auth.a_u.schannel_auth == NULL)) { + || (p->auth.auth_ctx == NULL)) { return NT_STATUS_INVALID_HANDLE; } - memcpy(pipe_session_key, p->auth.a_u.schannel_auth->creds->session_key, 16); + + schannel_auth = talloc_get_type_abort(p->auth.auth_ctx, + struct schannel_state); + memcpy(pipe_session_key, schannel_auth->creds->session_key, 16); } switch (r->in.validation_level) { |