[SCM] Samba Shared Repository - branch v3-6-test updated
Jeremy Allison
jra at samba.org
Tue Apr 19 11:23:12 MDT 2011
The branch, v3-6-test has been updated
via 19af621 Fix bug 8088 - rpccli_samr_chng_pswd_auth_crap segfaults if any input blobs are null.
from 7299c19 s3-build: fix the --with-profiling-data build on mac os x.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit 19af6216877577b11f97e132faebcfe1c15a3f7d
Author: Jeremy Allison <jra at samba.org>
Date: Mon Apr 18 14:32:11 2011 -0700
Fix bug 8088 - rpccli_samr_chng_pswd_auth_crap segfaults if any input blobs are null.
Correct fix - ensure we have enough length, and correctly null out
passed in structs if not.
Jeremy.
Autobuild-User: Jeremy Allison <jra at samba.org>
Autobuild-Date: Tue Apr 19 00:17:08 CEST 2011 on sn-devel-104
(cherry picked from commit bde2bcc8efd735d08b55ac3083d7b0f6490100d0)
-----------------------------------------------------------------------
Summary of changes:
source3/rpc_client/cli_samr.c | 21 +++++++++------------
1 files changed, 9 insertions(+), 12 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c
index 5baf3e6..e2bf08d 100644
--- a/source3/rpc_client/cli_samr.c
+++ b/source3/rpc_client/cli_samr.c
@@ -217,31 +217,28 @@ NTSTATUS dcerpc_samr_chng_pswd_auth_crap(struct dcerpc_binding_handle *h,
DEBUG(10,("rpccli_samr_chng_pswd_auth_crap\n"));
+ ZERO_STRUCT(new_nt_password);
+ ZERO_STRUCT(new_lm_password);
+ ZERO_STRUCT(old_nt_hash_enc);
+ ZERO_STRUCT(old_lm_hash_enc);
+
init_lsa_String(&server, srv_name_slash);
init_lsa_String(&account, username);
- if (new_nt_password_blob.length > 0) {
+ if (new_nt_password_blob.data && new_nt_password_blob.length >= 516) {
memcpy(&new_nt_password.data, new_nt_password_blob.data, 516);
- } else {
- ZERO_STRUCT(new_nt_password_blob);
}
- if (new_lm_password_blob.length > 0) {
+ if (new_lm_password_blob.data && new_lm_password_blob.length >= 516) {
memcpy(&new_lm_password.data, new_lm_password_blob.data, 516);
- } else {
- ZERO_STRUCT(new_lm_password);
}
- if (old_nt_hash_enc_blob.length > 0) {
+ if (old_nt_hash_enc_blob.data && old_nt_hash_enc_blob.length >= 16) {
memcpy(&old_nt_hash_enc.hash, old_nt_hash_enc_blob.data, 16);
- } else {
- ZERO_STRUCT(old_nt_hash_enc);
}
- if (old_lm_hash_enc_blob.length > 0) {
+ if (old_lm_hash_enc_blob.data && old_lm_hash_enc_blob.length >= 16) {
memcpy(&old_lm_hash_enc.hash, old_lm_hash_enc_blob.data, 16);
- } else {
- ZERO_STRUCT(old_lm_hash_enc);
}
status = dcerpc_samr_ChangePasswordUser2(h,
--
Samba Shared Repository
More information about the samba-cvs
mailing list