authorJeremy Allison <jra@samba.org>2011-04-18 14:26:09 -0700
committerKarolin Seeger <kseeger@samba.org>2011-06-14 12:57:22 +0200
commit78e9a21d2c126df26dc90cdedad6a02c6cca534a (patch)
tree830386d1d1120d6e87b748158f01acc0365e5432
parent3d7991a6eea433fb867beb7c06eb06f8fa931fca (diff)
downloadsamba-78e9a21d2c126df26dc90cdedad6a02c6cca534a.tar.gz
Fix bug 8088 - rpccli_samr_chng_pswd_auth_crap segfaults if any input blobs are null.
(cherry picked from commit fae43d2640459fe8cb3d485eacd1624de59b9622)
-rw-r--r--source3/rpc_client/cli_samr.c21
1 files changed, 17 insertions, 4 deletions
diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c
index ca7a6b416b3..936f3bb88c2 100644
--- a/source3/rpc_client/cli_samr.c
+++ b/source3/rpc_client/cli_samr.c
@@ -158,15 +158,28 @@ NTSTATUS rpccli_samr_chng_pswd_auth_crap(struct rpc_pipe_client *cli,
struct samr_Password old_lm_hash_enc;
struct lsa_String server, account;
+ ZERO_STRUCT(new_nt_password);
+ ZERO_STRUCT(new_lm_password);
+ ZERO_STRUCT(old_nt_hash_enc);
+ ZERO_STRUCT(old_lm_hash_enc);
+
DEBUG(10,("rpccli_samr_chng_pswd_auth_crap\n"));
init_lsa_String(&server, cli->srv_name_slash);
init_lsa_String(&account, username);
- memcpy(&new_nt_password.data, new_nt_password_blob.data, 516);
- memcpy(&new_lm_password.data, new_lm_password_blob.data, 516);
- memcpy(&old_nt_hash_enc.hash, old_nt_hash_enc_blob.data, 16);
- memcpy(&old_lm_hash_enc.hash, old_lm_hash_enc_blob.data, 16);
+ if (new_nt_password_blob.data && new_nt_password_blob.length >= 516) {
+ memcpy(&new_nt_password.data, new_nt_password_blob.data, 516);
+ }
+ if (new_lm_password_blob.data && new_lm_password_blob.length >= 516) {
+ memcpy(&new_lm_password.data, new_lm_password_blob.data, 516);
+ }
+ if (old_nt_hash_enc_blob.data && old_nt_hash_enc_blob.length >= 16) {
+ memcpy(&old_nt_hash_enc.hash, old_nt_hash_enc_blob.data, 16);
+ }
+ if (old_lm_hash_enc_blob.data && old_lm_hash_enc_blob.length >= 16) {
+ memcpy(&old_lm_hash_enc.hash, old_lm_hash_enc_blob.data, 16);
+ }
result = rpccli_samr_ChangePasswordUser2(cli, mem_ctx,
&server,
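Review bot: The four new guards around the `memcpy` calls treat a non-NULL blob that is too short exactly like a missing one: the copy is skipped silently and the function carries on with the zero-filled structure, so a malformed input from the caller is never reported locally. Since the function returns NTSTATUS, a wrong-length blob could be rejected before the RPC is issued, e.g. `if (new_nt_password_blob.data && new_nt_password_blob.length < 516) return NT_STATUS_INVALID_PARAMETER;`, leaving NULL as the only case that falls through to the zeroed default. Assuming the destination fields are fixed-size arrays, the literals 516 and 16 would be safer written as `sizeof(new_nt_password.data)` and `sizeof(old_nt_hash_enc.hash)`, so that the bound follows the struct definitions. The function body starts before and continues past this hunk, so how the zeroed structures are handed to `rpccli_samr_ChangePasswordUser2` is not visible here.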