From bd40d94a05e5f3353b54b2cc94d76c58be7e3766 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Mon, 7 Jun 2004 08:50:21 +0000
Subject: r1060: check for an invalid session key in samr_set_password() (This
 used to be commit 5a90187c2cb7521cb7931355e5cf2f11d55a4ad0)

---
 source4/rpc_server/samr/samr_password.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
index 95e783f072..d5f995feb8 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -695,6 +695,11 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
 	uint32_t new_pass_len;
 	DATA_BLOB session_key = dce_call->conn->session_key;
 
+	if (session_key.length == 0) {
+		DEBUG(3,("Bad session key in samr_set_password\n"));
+		return NT_STATUS_WRONG_PASSWORD;
+	}
+
 	arcfour_crypt_blob(pwbuf->data, 516, &session_key);
 
 	if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass),
-- 
cgit