summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2006-03-10 18:32:18 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:15:15 -0500
commit5f224c2c265faa50e5495cc738f1a62c6aa70d56 (patch)
tree9004681145c263d06fca6b9b7bbb18c564d861f7 /source3
parent47a11f8a4c6156965163fd89bef668cd6612b70c (diff)
downloadsamba-5f224c2c265faa50e5495cc738f1a62c6aa70d56.tar.gz
samba-5f224c2c265faa50e5495cc738f1a62c6aa70d56.tar.bz2
samba-5f224c2c265faa50e5495cc738f1a62c6aa70d56.zip
r14170: Paranioa fix for sesssetup.
Fix Coverity bug #26. Guard against NULL ref. Jeremy. (This used to be commit c0f906ac8de850f4566b6b3be4e3c7d245e6e252)
Diffstat (limited to 'source3')
-rw-r--r--source3/libads/krb5_setpw.c26
-rw-r--r--source3/smbd/sesssetup.c5
2 files changed, 22 insertions, 9 deletions
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index 6ffd218e96..42ca36f344 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -65,19 +65,22 @@ static DATA_BLOB encode_krb5_setpw(const char *principal, const char *password)
princ = SMB_STRDUP(principal);
if ((c = strchr_m(princ, '/')) == NULL) {
- c = princ;
+ c = princ;
} else {
- *c = '\0';
- c++;
- princ_part1 = princ;
+ *c = '\0';
+ c++;
+ princ_part1 = princ;
}
princ_part2 = c;
if ((c = strchr_m(c, '@')) != NULL) {
- *c = '\0';
- c++;
- realm = c;
+ *c = '\0';
+ c++;
+ realm = c;
+ } else {
+ /* We must have a realm component. */
+ return data_blob(NULL, 0);
}
memset(&req, 0, sizeof(req));
@@ -97,8 +100,9 @@ static DATA_BLOB encode_krb5_setpw(const char *principal, const char *password)
asn1_push_tag(&req, ASN1_CONTEXT(1));
asn1_push_tag(&req, ASN1_SEQUENCE(0));
- if (princ_part1)
- asn1_write_GeneralString(&req, princ_part1);
+ if (princ_part1) {
+ asn1_write_GeneralString(&req, princ_part1);
+ }
asn1_write_GeneralString(&req, princ_part2);
asn1_pop_tag(&req);
@@ -151,6 +155,10 @@ static krb5_error_code build_kpasswd_request(uint16 pversion,
else
return EINVAL;
+ if (setpw.data == NULL || setpw.length == 0) {
+ return EINVAL;
+ }
+
encoded_setpw.data = (char *)setpw.data;
encoded_setpw.length = setpw.length;
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index d32ff9fa14..fcb778d1fe 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -1079,6 +1079,11 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
return ERROR_NT(nt_status_squash(nt_status));
}
+ /* Ensure we can't possible take a code path leading to a null defref. */
+ if (!server_info) {
+ return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+ }
+
nt_status = create_local_token(server_info);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(10, ("create_local_token failed: %s\n",