From 9259481d8626c542eaa3f87b17e346d8ad85e994 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 7 May 2004 08:42:13 +0000 Subject: r545: Handing a NULL blob to base64_encode_data_blob leads to an invalid write of a 0 in base64_encode_data_blob. I don't know what the base64 encoding of a NULL string is, so fix the problematic caller I found. The real fix should go into base64_encode_data_blob. Volker (This used to be commit 55fd1e490efbe91c391c27101166284034cd32ef) --- source3/rpc_server/srv_samr_util.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'source3/rpc_server') diff --git a/source3/rpc_server/srv_samr_util.c b/source3/rpc_server/srv_samr_util.c index dd92e0d90a..417a712036 100644 --- a/source3/rpc_server/srv_samr_util.c +++ b/source3/rpc_server/srv_samr_util.c @@ -52,7 +52,8 @@ void copy_id20_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_20 *from) old_string = pdb_get_munged_dial(to); mung.length = from->hdr_munged_dial.uni_str_len; mung.data = (uint8 *) from->uni_munged_dial.buffer; - new_string = base64_encode_data_blob(mung); + new_string = (mung.length == 0) ? + NULL : base64_encode_data_blob(mung); DEBUG(10,("INFO_20 UNI_MUNGED_DIAL: %s -> %s\n",old_string, new_string)); if (STRING_CHANGED_NC(old_string,new_string)) pdb_set_munged_dial(to , new_string, PDB_CHANGED); @@ -210,7 +211,8 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from) old_string = pdb_get_munged_dial(to); mung.length = from->hdr_munged_dial.uni_str_len; mung.data = (uint8 *) from->uni_munged_dial.buffer; - newstr = base64_encode_data_blob(mung); + newstr = (mung.length == 0) ? + NULL : base64_encode_data_blob(mung); DEBUG(10,("INFO_21 UNI_MUNGED_DIAL: %s -> %s\n",old_string, newstr)); if (STRING_CHANGED_NC(old_string,newstr)) pdb_set_munged_dial(to , newstr, PDB_CHANGED); @@ -439,7 +441,8 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_23 *from) old_string = pdb_get_munged_dial(to); mung.length = from->hdr_munged_dial.uni_str_len; mung.data = (uint8 *) from->uni_munged_dial.buffer; - newstr = base64_encode_data_blob(mung); + newstr = (mung.length == 0) ? + NULL : base64_encode_data_blob(mung); DEBUG(10,("INFO_23 UNI_MUNGED_DIAL: %s -> %s\n",old_string, newstr)); if (STRING_CHANGED_NC(old_string, newstr)) pdb_set_munged_dial(to , newstr, PDB_CHANGED); -- cgit