From 3453bc7b1108390354c0825ee6b2b0bb28fca2f3 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Fri, 3 Sep 2010 16:27:47 -0400
Subject: s3-dcerpc: make auth context opaque
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This way we always double check in advance that the context is of the right type with talloc_get_type_abort instead of potentially accessing random memory by addressing the wrong structure in the union.
Signed-off-by: Günther Deschner
---
 source3/rpc_server/srv_netlog_nt.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
(limited to 'source3/rpc_server/srv_netlog_nt.c')
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 76da1d00d6..d821b04cdc 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -1426,12 +1426,16 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
 /* Get the pipe session key from the creds. */
 memcpy(pipe_session_key, creds->session_key, 16);
 } else {
+ struct schannel_state *schannel_auth;
 /* Get the pipe session key from the schannel. */
 if ((p->auth.auth_type != DCERPC_AUTH_TYPE_SCHANNEL)
- || (p->auth.a_u.schannel_auth == NULL)) {
+ || (p->auth.auth_ctx == NULL)) {
 return NT_STATUS_INVALID_HANDLE;
 }
- memcpy(pipe_session_key, p->auth.a_u.schannel_auth->creds->session_key, 16);
+
+ schannel_auth = talloc_get_type_abort(p->auth.auth_ctx,
+ struct schannel_state);
+ memcpy(pipe_session_key, schannel_auth->creds->session_key, 16);
 }
 
 switch (r->in.validation_level) {
-- cgit
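Review bot: The new `memcpy` dereferences `schannel_auth->creds` without a NULL test; `talloc_get_type_abort` only vouches for the type of `auth_ctx`, not for the members of the `schannel_state` it points to. Whether `creds` can still be unset when this path runs is not visible from the hunk, so unless the bind code guarantees it, add `if (schannel_auth->creds == NULL) { return NT_STATUS_INVALID_HANDLE; }` before the copy to keep the failure on the existing error path. The literal `16` in both `memcpy` calls would also be safer as `sizeof(pipe_session_key)`, assuming that buffer is declared as a 16-byte array earlier in the function. `_netr_LogonSamLogon_base` starts and ends outside the hunk.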