diff options
author | Michael Adam <obnox@samba.org> | 2007-12-12 13:50:48 +0100 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2007-12-12 09:47:41 -0800 |
commit | 2ade25279c2770ce0cbec2130c55c1e3a3154935 (patch) | |
tree | e35472e10ca6e1e9a958e65d3cf1ed37b30be0f8 /source3 | |
parent | b0469d0b6949525479ecd980d9d5991a8908ba26 (diff) | |
download | samba-2ade25279c2770ce0cbec2130c55c1e3a3154935.tar.gz samba-2ade25279c2770ce0cbec2130c55c1e3a3154935.tar.bz2 samba-2ade25279c2770ce0cbec2130c55c1e3a3154935.zip |
Fix logic and prevent segfaults in secrets trustdom tdb pack code.
New size calculation logic in tdb_trusted_dom_pass_pack()
and tdb_sid_pack() used accumulated sizes as successive offsets
to buffer pointer.
Michael
(This used to be commit 9c24713b402978e74dc8691be5cab71d8666eb41)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/passdb/secrets.c | 28 |
1 files changed, 14 insertions, 14 deletions
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c index 32335eec89..a4cb76602a 100644 --- a/source3/passdb/secrets.c +++ b/source3/passdb/secrets.c @@ -360,16 +360,16 @@ static size_t tdb_sid_pack(uint8 *pack_buf, int bufsize, DOM_SID* sid) len += tdb_pack(p, remaining_space, "bb", sid->sid_rev_num, sid->num_auths); if (pack_buf) { - p += len; - remaining_space -= len; + p = pack_buf + len; + remaining_space = bufsize - len; } for (idx = 0; idx < 6; idx++) { len += tdb_pack(p, remaining_space, "b", sid->id_auth[idx]); if (pack_buf) { - p += len; - remaining_space -= len; + p = pack_buf + len; + remaining_space = bufsize - len; } } @@ -377,8 +377,8 @@ static size_t tdb_sid_pack(uint8 *pack_buf, int bufsize, DOM_SID* sid) len += tdb_pack(p, remaining_space, "d", sid->sub_auths[idx]); if (pack_buf) { - p += len; - remaining_space -= len; + p = pack_buf + len; + remaining_space = bufsize - len; } } @@ -440,31 +440,31 @@ static size_t tdb_trusted_dom_pass_pack(uint8 *pack_buf, int bufsize, len += tdb_pack(p, remaining_space, "d", pass->uni_name_len); if (pack_buf) { - p += len; - remaining_space -= len; + p = pack_buf + len; + remaining_space = bufsize - len; } for (idx = 0; idx < 32; idx++) { len += tdb_pack(p, remaining_space, "w", pass->uni_name[idx]); if (pack_buf) { - p += len; - remaining_space -= len; + p = pack_buf + len; + remaining_space = bufsize - len; } } len += tdb_pack(p, remaining_space, "dPd", pass->pass_len, pass->pass, pass->mod_time); if (pack_buf) { - p += len; - remaining_space -= len; + p = pack_buf + len; + remaining_space = bufsize - len; } /* packing SID structure */ len += tdb_sid_pack(p, remaining_space, &pass->domain_sid); if (pack_buf) { - p += len; - remaining_space -= len; + p = pack_buf + len; + remaining_space = bufsize - len; } return len; |