s3-samr: Fix crash bug in _samr_QueryUserInfo{2} level 18.

Guenther Fix bug #7479 (Crash bug in _samr_QueryUserInfo{2} level 18.) (cherry picked from commit 386a4621b8c9e8f7956320a44679789b731d7b10)
author: Günther Deschner <gd@samba.org> 2010-05-28 14:11:53 +0200
committer: Karolin Seeger <kseeger@samba.org> 2010-06-18 08:33:28 +0200
commit: c31ac2ebd5ce850f87f4e29dab8e009def1b4e87 (patch)
tree: 951629989295f74bb711fe14e30763cc017d911f
parent: 920e5757f764f25290241b54769a334ca4dd7d5b (diff)
download: samba-c31ac2ebd5ce850f87f4e29dab8e009def1b4e87.tar.gz
1 files changed, 13 insertions, 4 deletions
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index d50c6c3e0e6..e98e4aa595a 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -2735,6 +2735,8 @@ static NTSTATUS get_user_info_18(pipes_struct *p,
 {
 	struct samu *smbpass=NULL;
 	bool ret;
+	const uint8_t *nt_pass = NULL;
+	const uint8_t *lm_pass = NULL;
 
 	ZERO_STRUCTP(r);
 
@@ -2769,10 +2771,17 @@ static NTSTATUS get_user_info_18(pipes_struct *p,
 		return NT_STATUS_ACCOUNT_DISABLED;
 	}
 
-	r->lm_pwd_active = true;
-	r->nt_pwd_active = true;
-	memcpy(r->lm_pwd.hash, pdb_get_lanman_passwd(smbpass), 16);
-	memcpy(r->nt_pwd.hash, pdb_get_nt_passwd(smbpass), 16);
+	lm_pass = pdb_get_lanman_passwd(smbpass);
+	if (lm_pass != NULL) {
+		memcpy(r->lm_pwd.hash, lm_pass, 16);
+		r->lm_pwd_active = true;
+	}
+
+	nt_pass = pdb_get_nt_passwd(smbpass);
+	if (nt_pass != NULL) {
+		memcpy(r->nt_pwd.hash, nt_pass, 16);
+		r->nt_pwd_active = true;
+	}
 	r->password_expired = 0; /* FIXME */
 
 	TALLOC_FREE(smbpass);
author	Günther Deschner <gd@samba.org>	2010-05-28 14:11:53 +0200
committer	Karolin Seeger <kseeger@samba.org>	2010-06-18 08:33:28 +0200
commit	c31ac2ebd5ce850f87f4e29dab8e009def1b4e87 (patch)
tree	951629989295f74bb711fe14e30763cc017d911f
parent	920e5757f764f25290241b54769a334ca4dd7d5b (diff)
download	samba-c31ac2ebd5ce850f87f4e29dab8e009def1b4e87.tar.gz