From 6677eea3b1d2c352fda6d8de5f8a41e8a313156a Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Wed, 19 Aug 2009 11:58:42 +0200 Subject: s4:dsdb/common/util.c - Copy parameters to prevent segfaults The parameters "lmNewHash" and/or "ntNewHash" could be NULL and when we perform write operations on them (look below in the code) we could get SIGSEGVs! --- source4/dsdb/common/util.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'source4/dsdb/common') diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index 189cb4ec82..6da02b0b6a 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -1578,8 +1578,8 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx, struct ldb_dn *domain_dn, struct ldb_message *mod, const DATA_BLOB *new_password, - struct samr_Password *lmNewHash, - struct samr_Password *ntNewHash, + struct samr_Password *param_lmNewHash, + struct samr_Password *param_ntNewHash, bool user_change, enum samr_RejectReason *reject_reason, struct samr_DomInfo1 **_dominfo) @@ -1596,7 +1596,8 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx, int64_t minPwdAge; uint_t minPwdLength, pwdProperties, pwdHistoryLength; uint_t userAccountControl; - struct samr_Password *sambaLMPwdHistory, *sambaNTPwdHistory, *lmPwdHash, *ntPwdHash; + struct samr_Password *sambaLMPwdHistory, *sambaNTPwdHistory, + *lmPwdHash, *ntPwdHash, *lmNewHash, *ntNewHash; struct samr_Password local_lmNewHash, local_ntNewHash; int sambaLMPwdHistory_len, sambaNTPwdHistory_len; struct dom_sid *domain_sid; @@ -1624,6 +1625,10 @@ NTSTATUS samdb_set_password(struct ldb_context *ctx, TALLOC_CTX *mem_ctx, ntPwdHash = samdb_result_hash(mem_ctx, res[0], "unicodePwd"); pwdLastSet = samdb_result_uint64(res[0], "pwdLastSet", 0); + /* Copy parameters */ + lmNewHash = param_lmNewHash; + ntNewHash = param_ntNewHash; + /* Only non-trust accounts have restrictions (possibly this * test is the wrong way around, but I like to be restrictive * if possible */ -- cgit