[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-979-g8b9f2ab

Günther Deschner gd at samba.org
Thu Apr 9 13:09:29 GMT 2009


The branch, master has been updated
       via  8b9f2abfcb956f3ad496cefcc9d8ced8eadf1470 (commit)
       via  1632a4ebabc7414c8fd05084cd7ca83fb9233297 (commit)
      from  acd7fef984cba906163b7114a087ca3904e47566 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 8b9f2abfcb956f3ad496cefcc9d8ced8eadf1470
Author: Günther Deschner <gd at samba.org>
Date:   Thu Apr 9 15:08:29 2009 +0200

    s3-svcctl: Fix invalid buffer memset in _svcctl_QueryServiceObjectSecurity().
    
    Found by torture-test.
    
    Guenther

commit 1632a4ebabc7414c8fd05084cd7ca83fb9233297
Author: Günther Deschner <gd at samba.org>
Date:   Thu Apr 9 10:26:17 2009 +0200

    s4-smbtorture: add test_QueryServiceObjectSecurity() to RPC-SVCCTL test.
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 source3/rpc_server/srv_svcctl_nt.c |    1 -
 source4/torture/rpc/svcctl.c       |   55 ++++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c
index 8ed308a..350a5ca 100644
--- a/source3/rpc_server/srv_svcctl_nt.c
+++ b/source3/rpc_server/srv_svcctl_nt.c
@@ -873,7 +873,6 @@ WERROR _svcctl_QueryServiceObjectSecurity(pipes_struct *p,
 	*r->out.needed = ndr_size_security_descriptor( sec_desc, NULL, 0 );
 
 	if ( *r->out.needed > r->in.offered) {
-		ZERO_STRUCTP( &r->out.buffer );
 		return WERR_INSUFFICIENT_BUFFER;
 	}
 
diff --git a/source4/torture/rpc/svcctl.c b/source4/torture/rpc/svcctl.c
index 9c68268..2ed85ec 100644
--- a/source4/torture/rpc/svcctl.c
+++ b/source4/torture/rpc/svcctl.c
@@ -258,6 +258,59 @@ static bool test_QueryServiceConfig2W(struct torture_context *tctx, struct dcerp
 	return true;
 }
 
+static bool test_QueryServiceObjectSecurity(struct torture_context *tctx,
+					    struct dcerpc_pipe *p)
+{
+	struct svcctl_QueryServiceObjectSecurity r;
+	struct policy_handle h, s;
+
+	uint8_t *buffer;
+	uint32_t needed;
+
+	if (!test_OpenSCManager(p, tctx, &h))
+		return false;
+
+	if (!test_OpenService(p, tctx, &h, "Netlogon", &s))
+		return false;
+
+	r.in.handle = &s;
+	r.in.security_flags = 0;
+	r.in.offered = 0;
+	r.out.buffer = NULL;
+	r.out.needed = &needed;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_svcctl_QueryServiceObjectSecurity(p, tctx, &r),
+		"QueryServiceObjectSecurity failed!");
+	torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_PARAM,
+		"QueryServiceObjectSecurity failed!");
+
+	r.in.security_flags = SECINFO_DACL;
+
+	torture_assert_ntstatus_ok(tctx,
+		dcerpc_svcctl_QueryServiceObjectSecurity(p, tctx, &r),
+		"QueryServiceObjectSecurity failed!");
+
+	if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
+		r.in.offered = needed;
+		buffer = talloc_array(tctx, uint8_t, needed);
+		r.out.buffer = buffer;
+		torture_assert_ntstatus_ok(tctx,
+			dcerpc_svcctl_QueryServiceObjectSecurity(p, tctx, &r),
+			"QueryServiceObjectSecurity failed!");
+	}
+
+	torture_assert_werr_ok(tctx, r.out.result, "QueryServiceObjectSecurity failed!");
+
+	if (!test_CloseServiceHandle(p, tctx, &s))
+		return false;
+
+	if (!test_CloseServiceHandle(p, tctx, &h))
+		return false;
+
+	return true;
+}
+
 static bool test_EnumServicesStatus(struct torture_context *tctx, struct dcerpc_pipe *p)
 {
 	struct svcctl_EnumServicesStatusW r;
@@ -365,6 +418,8 @@ struct torture_suite *torture_rpc_svcctl(TALLOC_CTX *mem_ctx)
 				   test_QueryServiceConfigW);
 	torture_rpc_tcase_add_test(tcase, "QueryServiceConfig2W",
 				   test_QueryServiceConfig2W);
+	torture_rpc_tcase_add_test(tcase, "QueryServiceObjectSecurity",
+				   test_QueryServiceObjectSecurity);
 
 	return suite;
 }


-- 
Samba Shared Repository


More information about the samba-cvs mailing list