From a5dc8cb59145b400b6145b9f13231efdb7ff047c Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Fri, 29 Mar 2002 21:50:21 +0000
Subject: Don't core dump listing thousands of users in usrmgr. Jeremy. (This used to be commit c6566fa5fadf37a2b133e7be1f13c0de93efab34)
---
 source3/rpc_server/srv_lsa_nt.c | 29 ++++++++++++++++++++---------
 source3/rpc_server/srv_samr_nt.c | 4 ++--
 2 files changed, 22 insertions(+), 11 deletions(-)
(limited to 'source3')
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index e6fc66b672..af02a97769 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -577,16 +577,21 @@ NTSTATUS _lsa_lookup_sids(pipes_struct *p, LSA_Q_LOOKUP_SIDS *q_u, LSA_R_LOOKUP_
 ref = (DOM_R_REF *)talloc_zero(p->mem_ctx, sizeof(DOM_R_REF));
 names = (LSA_TRANS_NAME_ENUM *)talloc_zero(p->mem_ctx, sizeof(LSA_TRANS_NAME_ENUM));
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle))
- return NT_STATUS_INVALID_HANDLE;
+ if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle)) {
+ r_u->status = NT_STATUS_INVALID_HANDLE;
+ goto done;
+ }
 /* check if the user have enough rights */
- if (!(handle->access & POLICY_LOOKUP_NAMES))
- return NT_STATUS_ACCESS_DENIED;
-
+ if (!(handle->access & POLICY_LOOKUP_NAMES)) {
+ r_u->status = NT_STATUS_ACCESS_DENIED;
+ goto done;
+ }
 if (!ref || !names) return NT_STATUS_NO_MEMORY;
+done:
+
 /* set up the LSA Lookup SIDs response */
 init_lsa_trans_names(p->mem_ctx, ref, names, num_entries, sid, &mapped_count);
 init_reply_lookup_sids(r_u, ref, names, mapped_count);
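Review bot: Both new `goto done` paths in `_lsa_lookup_sids` jump past the `if (!ref || !names)` check, so on an invalid handle or a denied access mask `init_lsa_trans_names()` and `init_reply_lookup_sids()` are called with whatever the two `talloc_zero()` calls returned, including NULL. Moving the allocation check above the handle lookup closes that: `if (!ref || !names) return NT_STATUS_NO_MEMORY;` placed directly after the two allocations. The shared label also means the SID translation still runs for a caller that failed the `POLICY_LOOKUP_NAMES` check; whether the translated names are kept out of the marshalled reply when `r_u->status` is an error cannot be seen from this hunk and is worth confirming, as is that the code after the hunk returns `r_u->status` rather than overwriting it. The `_lsa_lookup_names` hunk has the same shape with `rids`, where the unchecked buffer is sized by `num_entries`. The function body starts and ends outside the hunk.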
@@ -615,16 +620,22 @@ NTSTATUS _lsa_lookup_names(pipes_struct *p,LSA_Q_LOOKUP_NAMES *q_u, LSA_R_LOOKUP
 ref = (DOM_R_REF *)talloc_zero(p->mem_ctx, sizeof(DOM_R_REF));
 rids = (DOM_RID2 *)talloc_zero(p->mem_ctx, sizeof(DOM_RID2)*num_entries);
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle))
- return NT_STATUS_INVALID_HANDLE;
+ if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle)) {
+ r_u->status = NT_STATUS_INVALID_HANDLE;
+ goto done;
+ }
 /* check if the user have enough rights */
- if (!(handle->access & POLICY_LOOKUP_NAMES))
- return NT_STATUS_ACCESS_DENIED;
+ if (!(handle->access & POLICY_LOOKUP_NAMES)) {
+ r_u->status = NT_STATUS_ACCESS_DENIED;
+ goto done;
+ }
 if (!ref || !rids) return NT_STATUS_NO_MEMORY;
+done:
+
 /* set up the LSA Lookup RIDs response */
 init_lsa_rid2s(ref, rids, num_entries, names, &mapped_count, p->endian);
 init_reply_lookup_names(r_u, ref, num_entries, rids, mapped_count);
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index e47619eb74..c83f6b3d8d 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -972,10 +972,10 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_
 }
 /* calculate the size and limit on the number of entries we will return */
- temp_size=(enum_context+max_entries)*struct_size;
+ temp_size=max_entries*struct_size;
 if (temp_size>max_size) {
- max_entries=max_size/struct_size;
+ max_entries=MIN((max_size/struct_size),max_entries);;
 DEBUG(5, ("samr_reply_query_dispinfo: buffer size limits to only %d entries\n", max_entries));
 }
-- cgit
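Review bot: In the `_samr_query_dispinfo` hunk the new bound is still computed as a product, `temp_size=max_entries*struct_size;`, so if `max_entries` is taken from the request and the operands are 32-bit unsigned (neither is visible here) a large value wraps, `temp_size>max_size` is false and the clamp is skipped. Comparing by division avoids the wrap: `if (struct_size != 0 && max_entries > max_size/struct_size) {` followed by `max_entries = max_size/struct_size;`. With that form the `MIN()` is unnecessary, and the added line also ends in a stray `;;`. The function starts and ends outside the hunk, so where `struct_size` is set and how `enum_context + max_entries` is bounded afterwards cannot be checked from here.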