From e297625d96a6ad6deba4edf2dc69756ba67aa452 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 29 Sep 2010 20:36:40 +0200
Subject: s4:rpc_server/netlogon: netr_GetDcName should return WERR_DCNOTFOUND
 for invalid names

Only netbios domain names are allowed.

metze
---
 source4/rpc_server/netlogon/dcerpc_netlogon.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

(limited to 'source4/rpc_server/netlogon/dcerpc_netlogon.c')

diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index b4fe5dca88..6f88a723cf 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -940,6 +940,25 @@ static WERROR dcesrv_netr_GetDcName(struct dcesrv_call_state *dce_call, TALLOC_C
 	int ret;
 	const char *dcname;
 
+	/*
+	 * [MS-NRPC] 3.5.5.3.4 NetrGetDCName says
+	 * that the domainname needs to be a valid netbios domain
+	 * name, if it is not NULL.
+	 */
+	if (r->in.domainname) {
+		const char *dot = strchr(r->in.domainname, '.');
+		size_t len = strlen(r->in.domainname);
+
+		if (dot || len > 15) {
+			return WERR_DCNOTFOUND;
+		}
+
+		/*
+		 * TODO: Should we also varify that only valid
+		 *       netbios name characters are used?
+		 */
+	}
+
 	sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx,
 				dce_call->conn->dce_ctx->lp_ctx,
 				dce_call->conn->auth_state.session_info, 0);
-- 
cgit