diff options
author | Stefan Metzmacher <metze@samba.org> | 2014-02-26 20:16:26 +0100 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2014-11-25 07:25:44 +0100 |
commit | 966192ee16d6802da5c2b046d2488ddd1a7ec960 (patch) | |
tree | b2a9e8f1779a7db5e559216ad7c0eeac565318af | |
parent | e9bea35b7dbb516ade273cea1c4273299114aa41 (diff) | |
download | samba-966192ee16d6802da5c2b046d2488ddd1a7ec960.tar.gz |
s3:passdb: always copy the history in pdb_set_plaintext_passwd()
We should not write to memory marked as const
(returned from pdb_get_pw_history())!
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
-rw-r--r-- | source3/passdb/pdb_get_set.c | 33 |
1 files changed, 14 insertions, 19 deletions
diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c index 0d7f4cb17b8..1b716f4728f 100644 --- a/source3/passdb/pdb_get_set.c +++ b/source3/passdb/pdb_get_set.c @@ -1001,6 +1001,7 @@ bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext) uchar *pwhistory; uint32_t pwHistLen; uint32_t current_history_len; + const uint8_t *current_history; if (!plaintext) return False; @@ -1051,33 +1052,27 @@ bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext) * the pw_history was first loaded into the struct samu struct * and now.... JRA. */ - pwhistory = (uchar *)pdb_get_pw_history(sampass, ¤t_history_len); - - if ((current_history_len != 0) && (pwhistory == NULL)) { + current_history = pdb_get_pw_history(sampass, ¤t_history_len); + if ((current_history_len != 0) && (current_history == NULL)) { DEBUG(1, ("pdb_set_plaintext_passwd: pwhistory == NULL!\n")); return false; } - if (current_history_len < pwHistLen) { - /* - * Ensure we have space for the needed history. This - * also takes care of an account which did not have - * any history at all so far, i.e. pwhistory==NULL - */ - uchar *new_history = talloc_zero_array( + /* + * Ensure we have space for the needed history. This + * also takes care of an account which did not have + * any history at all so far, i.e. pwhistory==NULL + */ + pwhistory = talloc_zero_array( sampass, uchar, pwHistLen*PW_HISTORY_ENTRY_LEN); - - if (!new_history) { - return False; - } - - memcpy(new_history, pwhistory, - current_history_len*PW_HISTORY_ENTRY_LEN); - - pwhistory = new_history; + if (!pwhistory) { + return false; } + memcpy(pwhistory, current_history, + current_history_len*PW_HISTORY_ENTRY_LEN); + /* * Make room for the new password in the history list. */ |