diff options
Diffstat (limited to 'source3/rpc_server')
| -rw-r--r-- | source3/rpc_server/srv_eventlog_nt.c | 12 | ||||
| -rw-r--r-- | source3/rpc_server/srv_lsa_nt.c | 5 | ||||
| -rw-r--r-- | source3/rpc_server/srv_netlog_nt.c | 5 | ||||
| -rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 23 |
4 files changed, 40 insertions, 5 deletions
diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 284ee37348..c1c0b6a0e2 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -682,6 +682,10 @@ NTSTATUS _eventlog_read_eventlog( pipes_struct * p, int bytes_left, record_number; uint32 elog_read_type, elog_read_dir; + if (info == NULL) { + return NT_STATUS_INVALID_HANDLE; + } + info->flags = q_u->flags; ps = &p->out_data.rdata; @@ -768,6 +772,10 @@ NTSTATUS _eventlog_get_oldest_entry( pipes_struct * p, { EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle ); + if (info == NULL) { + return NT_STATUS_INVALID_HANDLE; + } + if ( !( get_oldest_entry_hook( info ) ) ) return NT_STATUS_ACCESS_DENIED; @@ -785,6 +793,10 @@ NTSTATUS _eventlog_get_num_records( pipes_struct * p, { EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle ); + if (info == NULL) { + return NT_STATUS_INVALID_HANDLE; + } + if ( !( get_num_records_hook( info ) ) ) return NT_STATUS_ACCESS_DENIED; diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index d5222bbcb9..ae9795952c 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -1133,6 +1133,11 @@ NTSTATUS _lsa_lookup_names2(pipes_struct *p, LSA_Q_LOOKUP_NAMES2 *q_u, LSA_R_LOO rids = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_RID, num_entries); rids2 = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_RID2, num_entries); + if ((ref == NULL) || (rids == NULL) || (rids2 == NULL)) { + r_u->status = NT_STATUS_NO_MEMORY; + goto done; + } + if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle)) { r_u->status = NT_STATUS_INVALID_HANDLE; goto done; diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 10cd5c82ba..6603d2f1d4 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -985,6 +985,11 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p, user_sid = pdb_get_user_sid(sampw); group_sid = pdb_get_group_sid(sampw); + if ((user_sid == NULL) || (group_sid == NULL)) { + DEBUG(1, ("_net_sam_logon: User without group or user SID\n")); + return NT_STATUS_UNSUCCESSFUL; + } + sid_copy(&domain_sid, user_sid); sid_split_rid(&domain_sid, &user_rid); diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 5e82ecd0ca..bfae47ef25 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -3207,8 +3207,14 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx, SAM_USER_INFO_23 *id23, } else { /* update the UNIX password */ if (lp_unix_password_sync() ) { - struct passwd *passwd = Get_Pwnam(pdb_get_username(pwd)); - if (!passwd) { + struct passwd *passwd; + if (pdb_get_username(pwd) == NULL) { + DEBUG(1, ("chgpasswd: User without name???\n")); + TALLOC_FREE(pwd); + return NT_STATUS_ACCESS_DENIED; + } + + if ((passwd = Get_Pwnam(pdb_get_username(pwd))) == NULL) { DEBUG(1, ("chgpasswd: Username does not exist in system !?!\n")); } @@ -3273,8 +3279,15 @@ static BOOL set_user_info_pw(uint8 *pass, struct samu *pwd) } else { /* update the UNIX password */ if (lp_unix_password_sync()) { - struct passwd *passwd = Get_Pwnam(pdb_get_username(pwd)); - if (!passwd) { + struct passwd *passwd; + + if (pdb_get_username(pwd) == NULL) { + DEBUG(1, ("chgpasswd: User without name???\n")); + TALLOC_FREE(pwd); + return False; + } + + if ((passwd = Get_Pwnam(pdb_get_username(pwd))) == NULL) { DEBUG(1, ("chgpasswd: Username does not exist in system !?!\n")); } @@ -3800,7 +3813,7 @@ NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_ attr=TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, num_members); - if ((num_members!=0) && (rid==NULL)) + if ((num_members!=0) && (attr==NULL)) return NT_STATUS_NO_MEMORY; for (i=0; i<num_members; i++) |