From 66468d23158694383f3759464ffa7ade1c1d6d6c Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 23 Apr 2003 14:07:33 +0000
Subject: Patch by Metze to ensure that we always at least initialize our
 output string for rpc_pull_string.  If we had a NULL or zero-length string,
 we would use uninitialised data in the result string.

Andrew Bartlett
(This used to be commit df10aee451b431a8a056a949a98393da256185da)
---
 source3/rpc_server/srv_samr_nt.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'source3/rpc_server')

diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 7b2cd78dc6..d6441fd361 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -1473,13 +1473,14 @@ NTSTATUS _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LO
 	for (i = 0; i < num_rids; i++) {
 		fstring name;
             	DOM_SID sid;
+            	int ret;
 
 	        r_u->status = NT_STATUS_NONE_MAPPED;
 
 	        rid [i] = 0xffffffff;
 	        type[i] = SID_NAME_UNKNOWN;
 
-		rpcstr_pull(name, q_u->uni_name[i].buffer, sizeof(name), q_u->uni_name[i].uni_str_len*2, 0);
+		ret = rpcstr_pull(name, q_u->uni_name[i].buffer, sizeof(name), q_u->uni_name[i].uni_str_len*2, 0);
 
  		/*
 		 * we are only looking for a name
@@ -1492,7 +1493,8 @@ NTSTATUS _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LO
 		 * a cleaner code is to add the sid of the domain we're looking in
 		 * to the local_lookup_name function.
 		 */
-            	if(local_lookup_name(name, &sid, &local_type)) {
+		 
+            	if ((ret > 0) && local_lookup_name(name, &sid, &local_type)) {
                 	sid_split_rid(&sid, &local_rid);
 				
 			if (sid_equal(&sid, &pol_sid)) {
-- 
cgit