[SCM] Samba Shared Repository - branch master updated

Andreas Schneider asn at samba.org
Sun Jul 18 07:09:48 MDT 2010 

The branch, master has been updated
       via  898fd58... s3-rpc_client: Fixed a segfault in rpccli_samr_chng_pswd_auth_crap().
      from  0d16a59... s3-waf: Fixed the build.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 898fd584a4f96ba40c2692550518856671892add
Author: Andreas Schneider <asn at samba.org>
Date:   Sun Jul 18 15:04:20 2010 +0200

    s3-rpc_client: Fixed a segfault in rpccli_samr_chng_pswd_auth_crap().
    
    This fixes the WINBIND-WBCLIENT test. The test set
    old_lm_hash_enc_blob.length to 0 and we don't check the length here. So
    the memcpy segfaulted.

-----------------------------------------------------------------------

Summary of changes:
 source3/rpc_client/cli_samr.c |   27 +++++++++++++++++++++++----
 1 files changed, 23 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c
index 8c92ebb..8c10112 100644
--- a/source3/rpc_client/cli_samr.c
+++ b/source3/rpc_client/cli_samr.c
@@ -165,10 +165,29 @@ NTSTATUS rpccli_samr_chng_pswd_auth_crap(struct rpc_pipe_client *cli,
 	init_lsa_String(&server, cli->srv_name_slash);
 	init_lsa_String(&account, username);
 
-	memcpy(&new_nt_password.data, new_nt_password_blob.data, 516);
-	memcpy(&new_lm_password.data, new_lm_password_blob.data, 516);
-	memcpy(&old_nt_hash_enc.hash, old_nt_hash_enc_blob.data, 16);
-	memcpy(&old_lm_hash_enc.hash, old_lm_hash_enc_blob.data, 16);
+	if (new_nt_password_blob.length > 0) {
+		memcpy(&new_nt_password.data, new_nt_password_blob.data, 516);
+	} else {
+		ZERO_STRUCT(new_nt_password_blob);
+	}
+
+	if (new_lm_password_blob.length > 0) {
+		memcpy(&new_lm_password.data, new_lm_password_blob.data, 516);
+	} else {
+		ZERO_STRUCT(new_lm_password);
+	}
+
+	if (old_nt_hash_enc_blob.length > 0) {
+		memcpy(&old_nt_hash_enc.hash, old_nt_hash_enc_blob.data, 16);
+	} else {
+		ZERO_STRUCT(old_nt_hash_enc);
+	}
+
+	if (old_lm_hash_enc_blob.length > 0) {
+		memcpy(&old_lm_hash_enc.hash, old_lm_hash_enc_blob.data, 16);
+	} else {
+		ZERO_STRUCT(old_lm_hash_enc);
+	}
 
 	result = rpccli_samr_ChangePasswordUser2(cli, mem_ctx,
 						 &server,


-- 
Samba Shared Repository

More information about the samba-cvs mailing list