summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorMichael Adam <obnox@samba.org>2007-12-12 13:50:48 +0100
committerJeremy Allison <jra@samba.org>2007-12-12 09:47:41 -0800
commit2ade25279c2770ce0cbec2130c55c1e3a3154935 (patch)
treee35472e10ca6e1e9a958e65d3cf1ed37b30be0f8 /source3
parentb0469d0b6949525479ecd980d9d5991a8908ba26 (diff)
downloadsamba-2ade25279c2770ce0cbec2130c55c1e3a3154935.tar.gz
samba-2ade25279c2770ce0cbec2130c55c1e3a3154935.tar.bz2
samba-2ade25279c2770ce0cbec2130c55c1e3a3154935.zip
Fix logic and prevent segfaults in secrets trustdom tdb pack code.
New size calculation logic in tdb_trusted_dom_pass_pack() and tdb_sid_pack() used accumulated sizes as successive offsets to buffer pointer. Michael (This used to be commit 9c24713b402978e74dc8691be5cab71d8666eb41)
Diffstat (limited to 'source3')
-rw-r--r--source3/passdb/secrets.c28
1 files changed, 14 insertions, 14 deletions
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index 32335eec89..a4cb76602a 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -360,16 +360,16 @@ static size_t tdb_sid_pack(uint8 *pack_buf, int bufsize, DOM_SID* sid)
len += tdb_pack(p, remaining_space, "bb", sid->sid_rev_num,
sid->num_auths);
if (pack_buf) {
- p += len;
- remaining_space -= len;
+ p = pack_buf + len;
+ remaining_space = bufsize - len;
}
for (idx = 0; idx < 6; idx++) {
len += tdb_pack(p, remaining_space, "b",
sid->id_auth[idx]);
if (pack_buf) {
- p += len;
- remaining_space -= len;
+ p = pack_buf + len;
+ remaining_space = bufsize - len;
}
}
@@ -377,8 +377,8 @@ static size_t tdb_sid_pack(uint8 *pack_buf, int bufsize, DOM_SID* sid)
len += tdb_pack(p, remaining_space, "d",
sid->sub_auths[idx]);
if (pack_buf) {
- p += len;
- remaining_space -= len;
+ p = pack_buf + len;
+ remaining_space = bufsize - len;
}
}
@@ -440,31 +440,31 @@ static size_t tdb_trusted_dom_pass_pack(uint8 *pack_buf, int bufsize,
len += tdb_pack(p, remaining_space, "d",
pass->uni_name_len);
if (pack_buf) {
- p += len;
- remaining_space -= len;
+ p = pack_buf + len;
+ remaining_space = bufsize - len;
}
for (idx = 0; idx < 32; idx++) {
len += tdb_pack(p, remaining_space, "w",
pass->uni_name[idx]);
if (pack_buf) {
- p += len;
- remaining_space -= len;
+ p = pack_buf + len;
+ remaining_space = bufsize - len;
}
}
len += tdb_pack(p, remaining_space, "dPd", pass->pass_len,
pass->pass, pass->mod_time);
if (pack_buf) {
- p += len;
- remaining_space -= len;
+ p = pack_buf + len;
+ remaining_space = bufsize - len;
}
/* packing SID structure */
len += tdb_sid_pack(p, remaining_space, &pass->domain_sid);
if (pack_buf) {
- p += len;
- remaining_space -= len;
+ p = pack_buf + len;
+ remaining_space = bufsize - len;
}
return len;