Read beyond end of buffer in init_id_info2()

Andrew Bartlett abartlet at
Mon Feb 28 22:48:32 GMT 2005

On Tue, 2005-03-01 at 09:36 +1100, Andrew Bartlett wrote:
> On Mon, 2005-02-28 at 15:52 +0100, Martin Buck wrote:
> > IMO, the most elegant solution would be to change check_ntdomain_security()
> > to not pass the result of lp_workgroup() to domain_client_validate(), but
> > to use user_info->client_domain instead. 
> user_info->domain is what I would use (preserving the domain remapping,
> when we do that).  This will still break non 'domain member' setups, but
> I suspect these don't work for NTLMv2 at all.
> The current code is 'almost correct'  - that is, this subtle point was
> missed during other changes to the code.  

OK, my patch is also 'almost correct'.  I forgot to handle 'domain
member with trusted domains'...

> If you start winbindd, it should 'just work' (different code paths, and
> also much more efficient), or try the attached patch.

See, just use winbindd - it's easier on the brain :-)

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list