[s4] Crash in netr_LogonGetDomainInfo

Matthias Dieter Wallnöfer mdw at samba.org
Thu Nov 18 14:32:28 MST 2010


Metze,

I propose something like this.

Matthias

Matthias Dieter Wallnöfer wrote:
> Ah interesting!
>
> Well, if "dns_hostname" is null I could add some code which doesn't 
> perform any DNS update.
>
> Matthias
>
> Stefan (metze) Metzmacher wrote:
>> Hi Tridge,
>>
>> today I noticed a bug in our dcerpc_netr_LogonGetDomainInfo() code.
>>
>> While migrating from Samba3/OpenLDAP to AD, I noticed that
>> clients will send r->in.query->workstation_info->dns_hostname as NULL,
>> when they believe they're in an NT4 domain.
>>
>> We crash in this code:
>>
>>                  temp_str = talloc_strndup(mem_ctx,
>>                                            r->in.computer_name,
>>                                            strcspn(r->in.computer_name, "$"));
>>                  NT_STATUS_HAVE_NO_MEMORY(temp_str);
>>                  temp_str2 = talloc_strndup(mem_ctx,
>>                                             r->in.query->workstation_info->dns_hostname,
>>                                             strcspn(r->in.query->workstation_info->dns_hostname, "."));
>>                  NT_STATUS_HAVE_NO_MEMORY(temp_str2);
>>                  if (strcasecmp(temp_str, temp_str2) != 0) {
>>                          update_dns_hostname = false;
>>                  }
>>
>> I haven't checked, but maybe r->in.computer_name can also be NULL.
>>
>> Do you know what the best (and correct) way to fix that bug is?
>>
>> metze
>>
>
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: logonGetDomainInfo.patch
Type: application/mbox
Size: 2117 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20101118/f79df764/attachment.bin>
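
The check discussed in this thread, as an added example that is not the attached patch and not Samba code: a NULL guard in front of the `strcspn()` calls, so that a request without `dns_hostname` skips the DNS update instead of dereferencing NULL. The helper name `hostname_matches_account` is hypothetical, plain libc stands in for talloc, and rejecting an empty name is an extra choice of this example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (not a Samba function). Returns true only when the
 * account name up to '$' equals the first DNS label, ignoring case.
 * Both strings come from the client, so either pointer may be NULL.
 */
bool hostname_matches_account(const char *computer_name,
                              const char *dns_hostname)
{
    size_t name_len, host_len, i;

    /* Clients that believe they are in an NT4 domain send no dns_hostname;
     * treat a missing field as "do not update" rather than passing NULL
     * to strcspn(). */
    if (computer_name == NULL || dns_hostname == NULL) {
        return false;
    }

    name_len = strcspn(computer_name, "$");   /* "WS1$"            -> 3 */
    host_len = strcspn(dns_hostname, ".");    /* "ws1.example.com" -> 3 */

    /* Extra choice of this example: an empty name never matches. */
    if (name_len == 0 || name_len != host_len) {
        return false;
    }

    /* Compare in place; no temporary copies are needed. */
    for (i = 0; i < name_len; i++) {
        if (tolower((unsigned char)computer_name[i]) !=
            tolower((unsigned char)dns_hostname[i])) {
            return false;
        }
    }
    return true;
}

int main(void)
{
    /* Constructed sample inputs. */
    printf("%d\n", hostname_matches_account("WS1$", "ws1.example.com"));
    printf("%d\n", hostname_matches_account("WS1$", NULL));
    return 0;
}
```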

