Bug in cli_samr_get_dom_pwinfo and Win2k Server (PR#25465)
idra at samba.org
Tue Sep 10 15:45:27 GMT 2002
This problem would be better discussed on samba-technical (CCed)!
I would also like to remind all list members that samba-bugs is to be used
only to report well-defined secure bugs in stable releases.
All help requests, technical discussions, doubts and the like should be
discussed on the proper forums, to preserve critical resources of the team.
Thank you all,
On Tue, 2002-09-10 at 16:03, paul_douglas at netilla.com wrote:
> I would like to change a user's password using SamrChangePasswordUser.
> It looks as if I will have to implement this function, but the
> prerequisite call SamGetDomainPasswordInformation is already implemented
> in cli_samr_get_dom_pwinfo.
> I added the call to cli_samr_get_dom_pwinfo in my code:
>     result = cli_samr_get_dom_pwinfo(cli, mem_ctx, 0,0,0);
> and I get the following error:
>     prs_mem_get: reading data of size 4 would overrun buffer.
> From the ethereal trace it looks as if the payload of the DCE portion
> of the packet is
> 00 00 00 00 00 00 00 00 00 00 00 00
> while the code
>     /* SAMR_R_GET_DOM_PWINFO */
>     typedef struct r_samr_get_dom_pwinfo
>     {
>         /*
>          * Previously this was 3 uint16's. However, after some tests
>          * it appears that the data len for the signing needs to be 16.
>          * Not sure how 3 unit16's ever worked since the length always
>          * turned out to 12. 3 uint32's + NT_STATUS == 16 bytes. Tested
>          * using NT and 2k. --jerry
>          */
>         uint32 unk_0;
>         uint32 unk_1;
>         uint32 unk_2;
>         NTSTATUS status;
>     } SAMR_R_GET_DOM_PWINFO;
> is expecting 4 bytes more.
> It looks like this is a bug.
> I can send the ethereal traces if you like.
> One easy solution would be to comment out one of the fields, but I don't
> want to break anything else. Could you please review and suggest a solution?
> Also, is there any plan to add the SamrChangePasswordUser before I go
> ahead and do
Simo Sorce - idra at samba.org
Samba Team - http://www.samba.org
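
Added example, not part of the original messages and not Samba's code: a bounds-checked reader showing why a 12-byte reply payload fails against the 16-byte layout quoted above, and which field runs out of data. The cursor type, the function names, the little-endian wire order and the sample buffers are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical bounds-checked cursor; not Samba's prs_struct. */
struct cursor {
    const uint8_t *data;
    size_t len;
    size_t off;     /* invariant: off <= len */
};

/* Read one little-endian uint32, refusing to read past the buffer end. */
static int cur_get_u32(struct cursor *c, uint32_t *out)
{
    if (c->len - c->off < 4)
        return -1;  /* "reading data of size 4 would overrun buffer" */
    const uint8_t *p = c->data + c->off;
    *out = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    c->off += 4;
    return 0;
}

/* Reply layout as quoted in the message: 3 uint32 + NTSTATUS = 16 bytes. */
struct dom_pwinfo_reply {
    uint32_t unk_0, unk_1, unk_2, status;
};

/* Returns 0 on success, or -(n) where n is the 1-based index of the
 * first field that did not fit in the payload. */
int parse_dom_pwinfo_reply(const uint8_t *buf, size_t len,
                           struct dom_pwinfo_reply *r)
{
    struct cursor c = { buf, len, 0 };
    uint32_t *fields[4] = { &r->unk_0, &r->unk_1, &r->unk_2, &r->status };
    for (int i = 0; i < 4; i++)
        if (cur_get_u32(&c, fields[i]) != 0)
            return -(i + 1);
    return 0;
}

int main(void)
{
    uint8_t wire12[12] = {0};  /* constructed: 12 zero bytes, as in the trace */
    uint8_t wire16[16] = {0};  /* constructed: payload size the struct expects */
    struct dom_pwinfo_reply r;
    printf("12 bytes: %d\n", parse_dom_pwinfo_reply(wire12, sizeof wire12, &r));
    printf("16 bytes: %d\n", parse_dom_pwinfo_reply(wire16, sizeof wire16, &r));
    return 0;
}
```

With the 12-byte payload the first three fields parse and the fourth (the status) is the one that fails, which matches the single "size 4" overrun in the reported error.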