From 395c366237dec1a38a53248d2e8df17f877207aa Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Fri, 4 Jan 2008 22:56:31 +0100
Subject: Do not pass emtpy wkssvc_PasswordBuffers to rpc functions.

Guenther
(This used to be commit fe75e5ccdfc2609380367e59215637b0de1ef241)
---
 source3/libsmb/smbencrypt.c | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

(limited to 'source3/libsmb')

diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index 9e37d1d6cf..d7f6f604f7 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -704,16 +704,22 @@ char *decrypt_trustdom_secret(const char *pass, DATA_BLOB *data_in)
 void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
 					const char *pwd,
 					DATA_BLOB *session_key,
-					struct wkssvc_PasswordBuffer *pwd_buf)
+					struct wkssvc_PasswordBuffer **pwd_buf)
 {
 	uint8_t buffer[516];
 	struct MD5Context ctx;
-
-	DATA_BLOB confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
-
+	struct wkssvc_PasswordBuffer *my_pwd_buf = NULL;
+	DATA_BLOB confounded_session_key;
 	int confounder_len = 8;
 	uint8_t confounder[8];
 
+	my_pwd_buf = talloc_zero(mem_ctx, struct wkssvc_PasswordBuffer);
+	if (!my_pwd_buf) {
+		return;
+	}
+
+	confounded_session_key = data_blob_talloc(mem_ctx, NULL, 16);
+
 	encode_pw_buffer(buffer, pwd, STR_UNICODE);
 
 	generate_random_buffer((uint8_t *)confounder, confounder_len);
@@ -725,10 +731,12 @@ void encode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
 
 	SamOEMhashBlob(buffer, 516, &confounded_session_key);
 
-	memcpy(&pwd_buf->data[0], confounder, confounder_len);
-	memcpy(&pwd_buf->data[8], buffer, 516);
+	memcpy(&my_pwd_buf->data[0], confounder, confounder_len);
+	memcpy(&my_pwd_buf->data[8], buffer, 516);
 
 	data_blob_free(&confounded_session_key);
+
+	*pwd_buf = my_pwd_buf;
 }
 
 WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
-- 
cgit