[s4] Crash in netr_LogonGetDomainInfo

Matthias Dieter Wallnöfer mdw at samba.org
Thu Nov 18 14:17:21 MST 2010


Ah interesting!

Well, if "dns_hostname" is null I could add some code which doesn't 
perform any DNS update.

Matthias

Stefan (metze) Metzmacher wrote:
> Hi Tridge,
>
> today I noticed a bug in our dcerpc_netr_LogonGetDomainInfo() code.
>
> While migrating from Samba3/OpenLDAP to AD, I noticed that
> clients will send r->in.query->workstation_info->dns_hostname as NULL,
> when they believe they're in a NT4 domain.
>
> We crash in this code:
>
>                  temp_str = talloc_strndup(mem_ctx,
>                                            r->in.computer_name,
>                                            strcspn(r->in.computer_name, "$"));
>                  NT_STATUS_HAVE_NO_MEMORY(temp_str);
>                  temp_str2 = talloc_strndup(mem_ctx,
>                                             r->in.query->workstation_info->dns_hostname,
>                                             strcspn(r->in.query->workstation_info->dns_hostname, "."));
>                  NT_STATUS_HAVE_NO_MEMORY(temp_str2);
>                  if (strcasecmp(temp_str, temp_str2) != 0) {
>                          update_dns_hostname = false;
>                  }
>
> I haven't checked, but maybe r->in.computer_name can also be NULL.
>
> Do you know what the best (and correct) way to fix that bug is?
>
> metze
>
>    
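
The guard discussed in this thread, as an added stand-alone C example (not Samba's code and not written by either poster): it skips the DNS update when `dns_hostname` is NULL and also checks `computer_name`, which the quoted message suspects may be NULL too. The function name and the sample host names are hypothetical, and the `talloc_strndup` copies are replaced by a length-bounded comparison so the block compiles without Samba headers.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/*
 * Hypothetical helper: returns true only when the client-supplied DNS
 * host name may be used for an update, i.e. both strings are present and
 * the account name (up to '$') equals the first DNS label (up to '.').
 */
static bool dns_hostname_update_allowed(const char *computer_name,
                                        const char *dns_hostname)
{
    size_t name_len, label_len;

    /* Clients that believe they are in an NT4 domain send dns_hostname
     * as NULL. strcspn(NULL, ...) dereferences the pointer, so reject
     * missing input before any string function touches it. */
    if (computer_name == NULL || dns_hostname == NULL) {
        return false;
    }

    name_len = strcspn(computer_name, "$");  /* "WKS1$" -> 4 */
    label_len = strcspn(dns_hostname, ".");  /* "wks1.example.com" -> 4 */

    /* Same result as strcasecmp() on the two truncated copies. */
    if (name_len != label_len) {
        return false;
    }
    return strncasecmp(computer_name, dns_hostname, name_len) == 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    printf("match:       %d\n",
           dns_hostname_update_allowed("WKS1$", "wks1.example.com"));
    printf("NULL dns:    %d\n",
           dns_hostname_update_allowed("WKS1$", NULL));
    printf("NULL name:   %d\n",
           dns_hostname_update_allowed(NULL, "wks1.example.com"));
    printf("other label: %d\n",
           dns_hostname_update_allowed("WKS1$", "wks10.example.com"));
    return 0;
}
```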


