[s4] Crash in netr_LogonGetDomainInfo

Stefan (metze) Metzmacher metze at samba.org
Thu Nov 18 14:02:12 MST 2010


Hi Tridge,

today I noticed a bug in our dcerpc_netr_LogonGetDomainInfo() code.

While migrating from Samba3/OpenLDAP to AD, I noticed that
clients will send r->in.query->workstation_info->dns_hostname as NULL,
when they believe they're in an NT4 domain.

We crash in this code:

                temp_str = talloc_strndup(mem_ctx,
                                          r->in.computer_name,
                                          strcspn(r->in.computer_name, "$"));
                NT_STATUS_HAVE_NO_MEMORY(temp_str);
                temp_str2 = talloc_strndup(mem_ctx,
                                           r->in.query->workstation_info->dns_hostname,
                                           strcspn(r->in.query->workstation_info->dns_hostname, "."));
                NT_STATUS_HAVE_NO_MEMORY(temp_str2);
                if (strcasecmp(temp_str, temp_str2) != 0) {
                        update_dns_hostname = false;
                }

I haven't checked, but maybe r->in.computer_name can also be NULL.

Do you know what the best (and correct) way to fix that bug is?

metze
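
The crash described in the message above comes from passing a NULL pointer to strcspn(). The following is an added example, not code from the post or from Samba: a standalone C sketch of the same comparison with both client-supplied pointers checked first. The function name should_update_dns_hostname is hypothetical, plain libc is used in place of talloc, and treating a missing or empty name as "do not update" is an assumption rather than the project's decision.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/*
 * Hypothetical helper (not Samba's API): decide whether the account name
 * (text before '$') equals the first label of the DNS hostname (text
 * before '.'), case-insensitively. Either pointer may be NULL because
 * both come from the client's request.
 */
bool should_update_dns_hostname(const char *computer_name,
                                const char *dns_hostname)
{
        size_t acct_len, label_len;

        /* Assumption: a missing field means there is nothing to update. */
        if (computer_name == NULL || dns_hostname == NULL) {
                return false;
        }

        acct_len = strcspn(computer_name, "$");
        label_len = strcspn(dns_hostname, ".");

        /* Assumption: empty names never match; differing lengths cannot. */
        if (acct_len == 0 || acct_len != label_len) {
                return false;
        }

        /* Compare in place, so no temporary copies can fail to allocate. */
        return strncasecmp(computer_name, dns_hostname, acct_len) == 0;
}

int main(void)
{
        /* Constructed inputs; the second models the NT4-style request. */
        printf("%d\n", should_update_dns_hostname("WKS01$", "wks01.example.com"));
        printf("%d\n", should_update_dns_hostname("WKS01$", NULL));
        printf("%d\n", should_update_dns_hostname(NULL, "wks01.example.com"));
        printf("%d\n", should_update_dns_hostname("WKS01$", "other.example.com"));
        return 0;
}
```

In the handler itself, r->in.query and r->in.query->workstation_info would need the same NULL check before dns_hostname is read.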
