From c39d1b829b02d275ea1052afec58ab40f22267a3 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 22 Sep 2008 17:50:43 -0700
Subject: Remove unused parameter from decode_pw_buffer and fail on invalid
 UTF-16 input

The input checking is important, as otherwise we could set the wrong
password.

Andrew Bartlett
---
 source4/rpc_server/netlogon/dcerpc_netlogon.c |  3 +--
 source4/rpc_server/samr/samr_password.c       | 10 ++++------
 2 files changed, 5 insertions(+), 8 deletions(-)

(limited to 'source4/rpc_server')

diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 6f4287f9d8..cceb2a62ac 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -337,7 +337,6 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_cal
 	struct ldb_context *sam_ctx;
 	NTSTATUS nt_status;
 	char new_pass[512];
-	uint32_t new_pass_len;
 	bool ret;
 
 	struct samr_CryptPassword password_buf;
@@ -358,7 +357,7 @@ static NTSTATUS dcesrv_netr_ServerPasswordSet2(struct dcesrv_call_state *dce_cal
 	creds_arcfour_crypt(creds, password_buf.data, 516);
 
 	ret = decode_pw_buffer(password_buf.data, new_pass, sizeof(new_pass),
-			       &new_pass_len, STR_UNICODE);
+			       STR_UNICODE);
 	if (!ret) {
 		DEBUG(3,("netr_ServerPasswordSet2: failed to decode password buffer\n"));
 		return NT_STATUS_ACCESS_DENIED;
diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
index b78a9ceaa7..5b8e92583b 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -243,7 +243,7 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
 	data_blob_free(&lm_pwd_blob);
 	
 	if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass),
-			      &new_pass_len, STR_ASCII)) {
+			      STR_ASCII)) {
 		ldb_transaction_cancel(sam_ctx);
 		DEBUG(3,("samr: failed to decode password buffer\n"));
 		return NT_STATUS_WRONG_PASSWORD;
@@ -321,7 +321,6 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
 {	
 	NTSTATUS status;
 	char new_pass[512];
-	uint32_t new_pass_len;
 	struct ldb_context *sam_ctx = NULL;
 	struct ldb_dn *user_dn;
 	int ret;
@@ -386,7 +385,7 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
 	data_blob_free(&nt_pwd_blob);
 
 	if (!decode_pw_buffer(r->in.nt_password->data, new_pass, sizeof(new_pass),
-			      &new_pass_len, STR_UNICODE)) {
+			      STR_UNICODE)) {
 		DEBUG(3,("samr: failed to decode password buffer\n"));
 		status = NT_STATUS_WRONG_PASSWORD;
 		goto failed;
@@ -519,7 +518,6 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
 {
 	NTSTATUS nt_status;
 	char new_pass[512];
-	uint32_t new_pass_len;
 	DATA_BLOB session_key = data_blob(NULL, 0);
 
 	nt_status = dcesrv_fetch_session_key(dce_call->conn, &session_key);
@@ -530,7 +528,7 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call,
 	arcfour_crypt_blob(pwbuf->data, 516, &session_key);
 
 	if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass),
-			      &new_pass_len, STR_UNICODE)) {
+			      STR_UNICODE)) {
 		DEBUG(3,("samr: failed to decode password buffer\n"));
 		return NT_STATUS_WRONG_PASSWORD;
 	}
@@ -583,7 +581,7 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call,
 	arcfour_crypt_blob(pwbuf->data, 516, &co_session_key);
 
 	if (!decode_pw_buffer(pwbuf->data, new_pass, sizeof(new_pass),
-			      &new_pass_len, STR_UNICODE)) {
+			      STR_UNICODE)) {
 		DEBUG(3,("samr: failed to decode password buffer\n"));
 		return NT_STATUS_WRONG_PASSWORD;
 	}
-- 
cgit