diff options
author | Matthias Dieter Wallnöfer <mdw@samba.org> | 2011-03-01 13:03:59 +0100 |
---|---|---|
committer | Matthias Dieter Wallnöfer <mdw@samba.org> | 2011-03-01 13:55:45 +0100 |
commit | fecf925043be5de1ed9d6f3a171ffeab1530d9c9 (patch) | |
tree | 6ebb378ffbc3cfc6cef0c1e82c03606f09691104 /source4 | |
parent | 0e68867b269ad54a8b05441fa81a9ce523b0325b (diff) | |
download | samba-fecf925043be5de1ed9d6f3a171ffeab1530d9c9.tar.gz samba-fecf925043be5de1ed9d6f3a171ffeab1530d9c9.tar.bz2 samba-fecf925043be5de1ed9d6f3a171ffeab1530d9c9.zip |
s4:drsuapi RPC server - check for the "SPN" attribute != NULL
The SPN attribute could derive from an untrusted source (client).
Reviewed-by: Jelmer
Diffstat (limited to 'source4')
-rw-r--r-- | source4/rpc_server/drsuapi/writespn.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/source4/rpc_server/drsuapi/writespn.c b/source4/rpc_server/drsuapi/writespn.c index e2e12f1689..63fdef21f5 100644 --- a/source4/rpc_server/drsuapi/writespn.c +++ b/source4/rpc_server/drsuapi/writespn.c @@ -59,6 +59,12 @@ static bool writespn_check_spn(struct drsuapi_bind_state *b_state, krb5_principal principal; const char *dns_name, *dnsHostName; + /* The service principal name shouldn't be NULL */ + if (spn == NULL) { + talloc_free(tmp_ctx); + return false; + } + /* get the objectSid of the DN that is being modified, and check it matches the user_sid in their token |