summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorMatthias Dieter Wallnöfer <mdw@samba.org>2011-03-01 13:03:59 +0100
committerMatthias Dieter Wallnöfer <mdw@samba.org>2011-03-01 13:55:45 +0100
commitfecf925043be5de1ed9d6f3a171ffeab1530d9c9 (patch)
tree6ebb378ffbc3cfc6cef0c1e82c03606f09691104 /source4
parent0e68867b269ad54a8b05441fa81a9ce523b0325b (diff)
downloadsamba-fecf925043be5de1ed9d6f3a171ffeab1530d9c9.tar.gz
samba-fecf925043be5de1ed9d6f3a171ffeab1530d9c9.tar.bz2
samba-fecf925043be5de1ed9d6f3a171ffeab1530d9c9.zip
s4:drsuapi RPC server - check for the "SPN" attribute != NULL
The SPN attribute could derive from an untrusted source (client). Reviewed-by: Jelmer
Diffstat (limited to 'source4')
-rw-r--r--source4/rpc_server/drsuapi/writespn.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/source4/rpc_server/drsuapi/writespn.c b/source4/rpc_server/drsuapi/writespn.c
index e2e12f1689..63fdef21f5 100644
--- a/source4/rpc_server/drsuapi/writespn.c
+++ b/source4/rpc_server/drsuapi/writespn.c
@@ -59,6 +59,12 @@ static bool writespn_check_spn(struct drsuapi_bind_state *b_state,
krb5_principal principal;
const char *dns_name, *dnsHostName;
+ /* The service principal name shouldn't be NULL */
+ if (spn == NULL) {
+ talloc_free(tmp_ctx);
+ return false;
+ }
+
/*
get the objectSid of the DN that is being modified, and
check it matches the user_sid in their token