From 81435bf26bf1081eeff0f1a06f40478c87e6dcb4 Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Fri, 21 Oct 2011 11:06:14 +0200
Subject: s3-netapi: use NetApiBufferAllocate() for returned buffer in getdc
 calls.

Guenther
---
 source3/lib/netapi/getdc.c | 32 ++++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)

(limited to 'source3/lib/netapi/getdc.c')

diff --git a/source3/lib/netapi/getdc.c b/source3/lib/netapi/getdc.c
index e753deacb0..3b26d46db4 100644
--- a/source3/lib/netapi/getdc.c
+++ b/source3/lib/netapi/getdc.c
@@ -43,6 +43,8 @@ WERROR NetGetDCName_r(struct libnetapi_ctx *ctx,
 	NTSTATUS status;
 	WERROR werr;
 	struct dcerpc_binding_handle *b;
+	const char *dcname;
+	void *buffer;
 
 	werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
 					    &ndr_table_netlogon.syntax_id,
@@ -54,12 +56,24 @@ WERROR NetGetDCName_r(struct libnetapi_ctx *ctx,
 	status = dcerpc_netr_GetDcName(b, talloc_tos(),
 				       r->in.server_name,
 				       r->in.domain_name,
-				       (const char **)r->out.buffer,
+				       &dcname,
 				       &werr);
 
 	if (!NT_STATUS_IS_OK(status)) {
 		werr = ntstatus_to_werror(status);
+		goto done;
+	}
+
+	if (!W_ERROR_IS_OK(werr)) {
+		goto done;
+	}
+
+	if (NetApiBufferAllocate(strlen_m_term(dcname), &buffer)) {
+		werr = WERR_NOMEM;
+		goto done;
 	}
+	memcpy(buffer, dcname, strlen_m_term(dcname));
+	*r->out.buffer = buffer;
  done:
 
 	return werr;
@@ -83,6 +97,8 @@ WERROR NetGetAnyDCName_r(struct libnetapi_ctx *ctx,
 	NTSTATUS status;
 	WERROR werr;
 	struct dcerpc_binding_handle *b;
+	const char *dcname;
+	void *buffer;
 
 	werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
 					    &ndr_table_netlogon.syntax_id,
@@ -94,12 +110,24 @@ WERROR NetGetAnyDCName_r(struct libnetapi_ctx *ctx,
 	status = dcerpc_netr_GetAnyDCName(b, talloc_tos(),
 					  r->in.server_name,
 					  r->in.domain_name,
-					  (const char **)r->out.buffer,
+					  &dcname,
 					  &werr);
 	if (!NT_STATUS_IS_OK(status)) {
 		werr = ntstatus_to_werror(status);
 		goto done;
 	}
+
+	if (!W_ERROR_IS_OK(werr)) {
+		goto done;
+	}
+
+	if (NetApiBufferAllocate(strlen_m_term(dcname), &buffer)) {
+		werr = WERR_NOMEM;
+		goto done;
+	}
+	memcpy(buffer, dcname, strlen_m_term(dcname));
+	*r->out.buffer = buffer;
+
  done:
 
 	return werr;
-- 
cgit