cut&paste error in api_SetUserPassword() ?

Volker Lendecke Volker.Lendecke at SerNet.DE
Mon May 14 14:12:27 MDT 2012


On Mon, May 14, 2012 at 09:52:27PM +0200, Volker Lendecke wrote:
> Hi!
> 
> Attached find a patch for what I find to be a very likely
> cut&paste error.
> 
> Does anybody know if we have a test for this case? To me it
> seems it's a bit unlikely we actually have to use
> strlen(pass1) and strlen(pass2) in this code piece. The
> code to me seems to indicate we got raw hashes, which might
> contain 0-bytes.
> 
> Volker

Attachement...


-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
>From 18f74f4b7eb360a9c541920005a719b9eb180706 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Mon, 14 May 2012 19:48:16 +0200
Subject: [PATCH] s3: Fix a likely cut&paste error

---
 source3/smbd/lanman.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index 31775bf..ac2faa9 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -3145,7 +3145,7 @@ static bool api_SetUserPassword(struct smbd_server_connection *sconn,
 		ZERO_STRUCT(old_lm_hash);
 		ZERO_STRUCT(new_lm_hash);
 		memcpy(old_lm_hash.hash, pass1, MIN(strlen(pass1), 16));
-		memcpy(new_lm_hash.hash, pass1, MIN(strlen(pass2), 16));
+		memcpy(new_lm_hash.hash, pass2, MIN(strlen(pass2), 16));
 	}
 
 	status = dcerpc_samr_ChangePasswordUser(b, mem_ctx,
-- 
1.7.8



More information about the samba-technical mailing list