[PATCH] Check result from ALL getsam21pwnam calls (SAMBA 2.2.0cvs)
Jeremy Allison
jeremy at valinux.com
Sat Apr 7 05:08:54 GMT 2001
On Sat, Apr 07, 2001 at 01:03:11PM +1000, Andrew Bartlett wrote:
>
> This is the only case where any of the getsam21pw functions are used
> without checking that the result is not null. The Get_Pwnam output
> should also be checked.
>
> Index: source/rpc_server/srv_netlog_nt.c
> ===================================================================
> RCS file: /cvsroot/samba/source/rpc_server/srv_netlog_nt.c,v
> retrieving revision 1.1.2.5
> diff -u -d -r1.1.2.5 srv_netlog_nt.c
> --- source/rpc_server/srv_netlog_nt.c 2001/03/14 21:48:59 1.1.2.5
> +++ source/rpc_server/srv_netlog_nt.c 2001/04/07 02:52:33
> @@ -527,7 +527,7 @@
> smb_pass = getsmbpwnam(nt_username);
> unbecome_root();
>
> - if (smb_pass == NULL)
> + if ((smb_pass == NULL) || (sam_pass == NULL) || (pw == NULL))
> return NT_STATUS_NO_SUCH_USER;
> else if (smb_pass->acct_ctrl & ACB_DISABLED)
> return NT_STATUS_ACCOUNT_DISABLED;
Cool - thanks. This only affected 2.2 - I've committed your
fix. Thanks a *lot*.
Jeremy.
--
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
More information about the samba-technical
mailing list