[Samba] prs_mem_get: buffer overrun
M.Pflueger
franztu at institut.physiochem.uni-bonn.de
Thu Dec 7 08:52:57 GMT 2006
Hallo Volker,
it´s working now !
Many thanks,
Manfred
Volker Lendecke wrote:
> On Tue, Dec 05, 2006 at 05:15:07PM +0100, M.Pflueger wrote:
>
>> I repost this mail with a new subject line because on
>> the original one ("Unable to join domain from WNT4")
>> i've got no respnse.
>>
>
> Please try the attached patch. I simply forgot to merge this
> to 3.0.23d in time, sorry.
>
> Volker
>
> ------------------------------------------------------------------------
>
> Index: rpc_parse/parse_samr.c
> ===================================================================
> --- rpc_parse/parse_samr.c (Revision 18368)
> +++ rpc_parse/parse_samr.c (Revision 18369)
> @@ -5578,7 +5578,8 @@
> init_sam_user_infoa
> *************************************************************************/
>
> -void init_sam_user_info24(SAM_USER_INFO_24 * usr, char newpass[516], uint16 pw_len)
> +void init_sam_user_info24(SAM_USER_INFO_24 * usr, char newpass[516],
> + uint8 pw_len)
> {
> DEBUG(10, ("init_sam_user_info24:\n"));
> memcpy(usr->pass, newpass, sizeof(usr->pass));
> @@ -5606,10 +5607,10 @@
> return False;
>
> if (MARSHALLING(ps) && (usr->pw_len != 0)) {
> - if (!prs_uint16("pw_len", ps, depth, &usr->pw_len))
> + if (!prs_uint8("pw_len", ps, depth, &usr->pw_len))
> return False;
> } else if (UNMARSHALLING(ps)) {
> - if (!prs_uint16("pw_len", ps, depth, &usr->pw_len))
> + if (!prs_uint8("pw_len", ps, depth, &usr->pw_len))
> return False;
> }
>
> Index: include/rpc_samr.h
> ===================================================================
> --- include/rpc_samr.h (Revision 18368)
> +++ include/rpc_samr.h (Revision 18369)
> @@ -222,7 +222,7 @@
> typedef struct sam_user_info_24
> {
> uint8 pass[516];
> - uint16 pw_len;
> + uint8 pw_len;
> } SAM_USER_INFO_24;
>
> /*
>
More information about the samba
mailing list