diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2008-09-22 17:50:43 -0700 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2008-09-22 17:50:43 -0700 |
| commit | c39d1b829b02d275ea1052afec58ab40f22267a3 (patch) | |
| tree | fa1884b01df6bccebbf7d2bb978eb2d7cd3a0bc4 /source4/rpc_server | |
| parent | aaa45c832596d8f1b75f09f1de8fbee7483f6977 (diff) | |
| download | samba-c39d1b829b02d275ea1052afec58ab40f22267a3.tar.gz samba-c39d1b829b02d275ea1052afec58ab40f22267a3.tar.bz2 samba-c39d1b829b02d275ea1052afec58ab40f22267a3.zip | |
Remove unused parameter from decode_pw_buffer and fail on invalid
UTF-16 input
The input checking is important, as otherwise we could set the wrong
password.
Andrew Bartlett
Diffstat (limited to 'source4/rpc_server')
| -rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 3 | ||||
| -rw-r--r-- | source4/rpc_server/samr/samr_password.c | 10 |
2 files changed, 5 insertions, 8 deletions
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 6f4287f9d8..cceb2a62ac 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -337,7 +337,6 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_cal struct ldb_context *sam_ctx; NTSTATUS nt_status; char new_pass[512]; - uint32_t new_pass_len; bool ret; struct samr_CryptPassword password_buf; @@ -358,7 +357,7 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_cal creds_arcfour_crypt(creds, password_buf.data, 516); ret = decode_pw_buffer(password_buf.data, new_pass, sizeof(new_pass), - &new_pass_len, STR_UNICODE); + STR_UNICODE); if (!ret) { DEBUG(3,("netr_ServerPasswordSet2: failed to decode password buffer\n")); return NT_STATUS_ACCESS_DENIED; diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c index b78a9ceaa7..5b8e92583b 100644 --- a/source4/rpc_server/samr/samr_password.c +++ b/source4/rpc_server/samr/samr_password.c @@ -243,7 +243,7 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, data_blob_free(&lm_pwd_blob); if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass), - &new_pass_len, STR_ASCII)) { + STR_ASCII)) { ldb_transaction_cancel(sam_ctx); DEBUG(3,("samr: failed to decode password buffer\n")); return NT_STATUS_WRONG_PASSWORD; @@ -321,7 +321,6 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, { NTSTATUS status; char new_pass[512]; - uint32_t new_pass_len; struct ldb_context *sam_ctx = NULL; struct ldb_dn *user_dn; int ret; @@ -386,7 +385,7 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, data_blob_free(&nt_pwd_blob); if (!decode_pw_buffer(r->in.nt_password->data, new_pass, sizeof(new_pass), - &new_pass_len, STR_UNICODE)) { + STR_UNICODE)) { DEBUG(3,("samr: failed to decode password buffer\n")); status = NT_STATUS_WRONG_PASSWORD; goto failed; @@ -519,7 +518,6 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call, { NTSTATUS nt_status; char new_pass[512]; - uint32_t new_pass_len; DATA_BLOB session_key = data_blob(NULL, 0); nt_status = dcesrv_fetch_session_key(dce_call->conn, &session_key); @@ -530,7 +528,7 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call, arcfour_crypt_blob(pwbuf->data, 516, &session_key); if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass), - &new_pass_len, STR_UNICODE)) { + STR_UNICODE)) { DEBUG(3,("samr: failed to decode password buffer\n")); return NT_STATUS_WRONG_PASSWORD; } @@ -583,7 +581,7 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call, arcfour_crypt_blob(pwbuf->data, 516, &co_session_key); if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass), - &new_pass_len, STR_UNICODE)) { + STR_UNICODE)) { DEBUG(3,("samr: failed to decode password buffer\n")); return NT_STATUS_WRONG_PASSWORD; } |