[SCM] Samba Shared Repository - branch master updated -
release-4-0-0alpha7-979-g8b9f2ab
Günther Deschner
gd at samba.org
Thu Apr 9 13:09:29 GMT 2009
The branch, master has been updated
via 8b9f2abfcb956f3ad496cefcc9d8ced8eadf1470 (commit)
via 1632a4ebabc7414c8fd05084cd7ca83fb9233297 (commit)
from acd7fef984cba906163b7114a087ca3904e47566 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 8b9f2abfcb956f3ad496cefcc9d8ced8eadf1470
Author: Günther Deschner <gd at samba.org>
Date: Thu Apr 9 15:08:29 2009 +0200
s3-svcctl: Fix invalid buffer memset in _svcctl_QueryServiceObjectSecurity().
Found by torture-test.
Guenther
commit 1632a4ebabc7414c8fd05084cd7ca83fb9233297
Author: Günther Deschner <gd at samba.org>
Date: Thu Apr 9 10:26:17 2009 +0200
s4-smbtorture: add test_QueryServiceObjectSecurity() to RPC-SVCCTL test.
Guenther
-----------------------------------------------------------------------
Summary of changes:
source3/rpc_server/srv_svcctl_nt.c | 1 -
source4/torture/rpc/svcctl.c | 55 ++++++++++++++++++++++++++++++++++++
2 files changed, 55 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c
index 8ed308a..350a5ca 100644
--- a/source3/rpc_server/srv_svcctl_nt.c
+++ b/source3/rpc_server/srv_svcctl_nt.c
@@ -873,7 +873,6 @@ WERROR _svcctl_QueryServiceObjectSecurity(pipes_struct *p,
*r->out.needed = ndr_size_security_descriptor( sec_desc, NULL, 0 );
if ( *r->out.needed > r->in.offered) {
- ZERO_STRUCTP( &r->out.buffer );
return WERR_INSUFFICIENT_BUFFER;
}
diff --git a/source4/torture/rpc/svcctl.c b/source4/torture/rpc/svcctl.c
index 9c68268..2ed85ec 100644
--- a/source4/torture/rpc/svcctl.c
+++ b/source4/torture/rpc/svcctl.c
@@ -258,6 +258,59 @@ static bool test_QueryServiceConfig2W(struct torture_context *tctx, struct dcerp
return true;
}
+static bool test_QueryServiceObjectSecurity(struct torture_context *tctx,
+ struct dcerpc_pipe *p)
+{
+ struct svcctl_QueryServiceObjectSecurity r;
+ struct policy_handle h, s;
+
+ uint8_t *buffer;
+ uint32_t needed;
+
+ if (!test_OpenSCManager(p, tctx, &h))
+ return false;
+
+ if (!test_OpenService(p, tctx, &h, "Netlogon", &s))
+ return false;
+
+ r.in.handle = &s;
+ r.in.security_flags = 0;
+ r.in.offered = 0;
+ r.out.buffer = NULL;
+ r.out.needed = &needed;
+
+ torture_assert_ntstatus_ok(tctx,
+ dcerpc_svcctl_QueryServiceObjectSecurity(p, tctx, &r),
+ "QueryServiceObjectSecurity failed!");
+ torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_PARAM,
+ "QueryServiceObjectSecurity failed!");
+
+ r.in.security_flags = SECINFO_DACL;
+
+ torture_assert_ntstatus_ok(tctx,
+ dcerpc_svcctl_QueryServiceObjectSecurity(p, tctx, &r),
+ "QueryServiceObjectSecurity failed!");
+
+ if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
+ r.in.offered = needed;
+ buffer = talloc_array(tctx, uint8_t, needed);
+ r.out.buffer = buffer;
+ torture_assert_ntstatus_ok(tctx,
+ dcerpc_svcctl_QueryServiceObjectSecurity(p, tctx, &r),
+ "QueryServiceObjectSecurity failed!");
+ }
+
+ torture_assert_werr_ok(tctx, r.out.result, "QueryServiceObjectSecurity failed!");
+
+ if (!test_CloseServiceHandle(p, tctx, &s))
+ return false;
+
+ if (!test_CloseServiceHandle(p, tctx, &h))
+ return false;
+
+ return true;
+}
+
static bool test_EnumServicesStatus(struct torture_context *tctx, struct dcerpc_pipe *p)
{
struct svcctl_EnumServicesStatusW r;
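Review bot: In the `WERR_INSUFFICIENT_BUFFER` branch of test_QueryServiceObjectSecurity(), the result of `talloc_array(tctx, uint8_t, needed)` is assigned to `r.out.buffer` with no NULL check. `needed` is a size the server returns, and it is never initialised locally. I would declare `uint32_t needed = 0;` and add `torture_assert(tctx, buffer != NULL, "talloc_array failed");` before the retry call. The `if` also makes the short-buffer path optional, so a server that answers the `offered = 0` query with success passes without exercising the path the srv_svcctl_nt.c fix touches. Asserting it with `torture_assert_werr_equal(tctx, r.out.result, WERR_INSUFFICIENT_BUFFER, ...)` would pin that regression. The torture_assert_* calls appear to return on failure, which would leave `s` and `h` open, as the `test_OpenService` failure path already does for `h`.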
@@ -365,6 +418,8 @@ struct torture_suite *torture_rpc_svcctl(TALLOC_CTX *mem_ctx)
test_QueryServiceConfigW);
torture_rpc_tcase_add_test(tcase, "QueryServiceConfig2W",
test_QueryServiceConfig2W);
+ torture_rpc_tcase_add_test(tcase, "QueryServiceObjectSecurity",
+ test_QueryServiceObjectSecurity);
return suite;
}
--
Samba Shared Repository