diff options
| -rw-r--r-- | source3/libads/krb5_setpw.c | 26 | ||||
| -rw-r--r-- | source3/smbd/sesssetup.c | 5 |
2 files changed, 22 insertions, 9 deletions
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c index 6ffd218e96..42ca36f344 100644 --- a/source3/libads/krb5_setpw.c +++ b/source3/libads/krb5_setpw.c @@ -65,19 +65,22 @@ static DATA_BLOB encode_krb5_setpw(const char *principal, const char *password) princ = SMB_STRDUP(principal); if ((c = strchr_m(princ, '/')) == NULL) { - c = princ; + c = princ; } else { - *c = '\0'; - c++; - princ_part1 = princ; + *c = '\0'; + c++; + princ_part1 = princ; } princ_part2 = c; if ((c = strchr_m(c, '@')) != NULL) { - *c = '\0'; - c++; - realm = c; + *c = '\0'; + c++; + realm = c; + } else { + /* We must have a realm component. */ + return data_blob(NULL, 0); } memset(&req, 0, sizeof(req)); @@ -97,8 +100,9 @@ static DATA_BLOB encode_krb5_setpw(const char *principal, const char *password) asn1_push_tag(&req, ASN1_CONTEXT(1)); asn1_push_tag(&req, ASN1_SEQUENCE(0)); - if (princ_part1) - asn1_write_GeneralString(&req, princ_part1); + if (princ_part1) { + asn1_write_GeneralString(&req, princ_part1); + } asn1_write_GeneralString(&req, princ_part2); asn1_pop_tag(&req); @@ -151,6 +155,10 @@ static krb5_error_code build_kpasswd_request(uint16 pversion, else return EINVAL; + if (setpw.data == NULL || setpw.length == 0) { + return EINVAL; + } + encoded_setpw.data = (char *)setpw.data; encoded_setpw.length = setpw.length; diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index d32ff9fa14..fcb778d1fe 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -1079,6 +1079,11 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf, return ERROR_NT(nt_status_squash(nt_status)); } + /* Ensure we can't possible take a code path leading to a null defref. */ + if (!server_info) { + return ERROR_NT(NT_STATUS_LOGON_FAILURE); + } + nt_status = create_local_token(server_info); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(10, ("create_local_token failed: %s\n", |