From 4db9496bb41e4c05d0c1178b56b4da4e4d486697 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Sun, 2 Jan 2005 23:31:12 +0000
Subject: r4490: when implementing one rpc server call in terms of another call, you must zero r.out before making the 2nd call if the 2nd call has any non-ref out parameters. This is needed for the case where the 2nd call fails, and the 1st call would then fill in its out fields based on uninitialised memory. (This used to be commit 202470326dcfaa5d36aaaf6be47eec40fed50402)
---
 source4/rpc_server/samr/dcesrv_samr.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'source4/rpc_server')
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 3650c904a3..92de6fe402 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -3306,6 +3306,7 @@ static NTSTATUS samr_QueryUserInfo2(struct dcesrv_call_state *dce_call, TALLOC_C
 struct samr_QueryUserInfo r1;
 NTSTATUS status;
+ ZERO_STRUCT(r1.out);
 r1.in.user_handle = r->in.user_handle;
 r1.in.level = r->in.level;
@@ -3321,7 +3322,7 @@ static NTSTATUS samr_QueryUserInfo2(struct dcesrv_call_state *dce_call, TALLOC_C
 samr_QueryDisplayInfo2
 */
 static NTSTATUS samr_QueryDisplayInfo2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct samr_QueryDisplayInfo2 *r)
+ struct samr_QueryDisplayInfo2 *r)
 {
 struct samr_QueryDisplayInfo q;
 NTSTATUS result;
@@ -3331,6 +3332,7 @@ static NTSTATUS samr_QueryDisplayInfo2(struct dcesrv_call_state *dce_call, TALLO
 q.in.start_idx = r->in.start_idx;
 q.in.max_entries = r->in.max_entries;
 q.in.buf_size = r->in.buf_size;
+ ZERO_STRUCT(q.out);
 result = samr_QueryDisplayInfo(dce_call, mem_ctx, &q);
-- cgit
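Review bot: The `ZERO_STRUCT(r1.out);` added in samr_QueryUserInfo2 carries no comment, so the reason for it survives only in the commit message; the same holds for `ZERO_STRUCT(q.out);` in the samr_QueryDisplayInfo2 hunk. I would add a line above each, e.g. `/* zero r1.out: if samr_QueryUserInfo fails, the out fields copied back to the caller must not come from uninitialised memory */`, since a later cleanup could otherwise drop the call as redundant and, presumably, let stack contents reach the RPC reply again. The two hunks also place the zeroing differently (before the `in` assignments here, after them in samr_QueryDisplayInfo2); zeroing the whole struct first with `ZERO_STRUCT(r1);` / `ZERO_STRUCT(q);` would be uniform and would also cover any `in` field a future edit forgets to set. Both function bodies continue outside the hunks, so whether the copy-back into `r->out` is guarded by a status check cannot be confirmed from here.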