author | Gary Lockyer <gary@catalyst.net.nz> | 2019-05-10 08:47:46 +1200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2019-05-10 10:02:20 +0000 |
commit | a5d1df4a8f9c535ff2f7ef11d7dfea4d79d65e7e (patch) | |
tree | 0033e29da9a7bba1a9fdf47baba4b8089b53b84a /source3/rpc_client | |
parent | 71595201bea9b3fa28357065fa137806f9220f38 (diff) | |
download | samba-a5d1df4a8f9c535ff2f7ef11d7dfea4d79d65e7e.tar.gz |
s3 rpc_client: Fix Asan stack use after scope
Fixes Asan error:
==1924==ERROR: AddressSanitizer: stack-use-after-scope on address
0x7ffe63f873d0 at pc 0x7fb99dae1733 bp 0x7ffe63f86a00 sp 0x7ffe63f861a8
READ of size 24 at 0x7ffe63f873d0 thread T0
#0 0x7fb99dae1732 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732)
#1 0x7fb99cfe5549 in memcpy
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:34
#2 0x7fb99cfe5549 in ndr_push_bytes
../../librpc/ndr/ndr_basic.c:729
#3 0x7fb99cfe5646 in ndr_push_array_uint8
../../librpc/ndr/ndr_basic.c:754
#4 0x7fb99a69dd1b in ndr_push_netr_ChallengeResponse
librpc/gen_ndr/ndr_netlogon.c:462
#5 0x7fb99a6c5fab in ndr_push_netr_NetworkInfo
librpc/gen_ndr/ndr_netlogon.c:556
#6 0x7fb99a6c749d in ndr_push_netr_LogonLevel
librpc/gen_ndr/ndr_netlogon.c:783
#7 0x7fb99a7222de in ndr_push_netr_LogonSamLogonEx
librpc/gen_ndr/ndr_netlogon.c:16547
#8 0x7fb99c982c97 in dcerpc_binding_handle_call_send
../../librpc/rpc/binding_handle.c:416
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13936
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 10 10:02:21 UTC 2019 on sn-devel-184
Diffstat (limited to 'source3/rpc_client')
-rw-r--r-- | source3/rpc_client/cli_netlogon.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index 3ed49686206..505a1d015bc 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -472,6 +472,13 @@ NTSTATUS rpccli_netlogon_password_logon(
 union netr_Validation *validation = NULL;
 char *workstation_slash = NULL;
+ unsigned char local_nt_response[24];
+ unsigned char local_lm_response[24];
+ struct samr_Password lmpassword = {.hash = {0}};
+ struct samr_Password ntpassword = {.hash = {0}};
+ struct netr_ChallengeResponse lm = {0};
+ struct netr_ChallengeResponse nt = {0};
+
 logon = talloc_zero(frame, union netr_LogonLevel);
 if (logon == NULL) {
 TALLOC_FREE(frame);
@@ -496,8 +503,6 @@ NTSTATUS rpccli_netlogon_password_logon(
 struct netr_PasswordInfo *password_info;
- struct samr_Password lmpassword;
- struct samr_Password ntpassword;
 password_info = talloc_zero(frame, struct netr_PasswordInfo);
 if (password_info == NULL) {
@@ -524,10 +529,6 @@ NTSTATUS rpccli_netlogon_password_logon(
 case NetlogonNetworkTransitiveInformation: {
 struct netr_NetworkInfo *network_info;
 uint8_t chal[8];
- unsigned char local_lm_response[24];
- unsigned char local_nt_response[24];
- struct netr_ChallengeResponse lm;
- struct netr_ChallengeResponse nt;
 ZERO_STRUCT(lm);
 ZERO_STRUCT(nt); |
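Review bot: The declarations hoisted to the top of rpccli_netlogon_password_logon in the first hunk carry no comment saying why they sit at function scope, so a later tidy-up could move them back into the case blocks and reintroduce the stack-use-after-scope. Judging by the ASan trace in the commit message (a 24-byte read in ndr_push_netr_ChallengeResponse reached from dcerpc_binding_handle_call_send), `logon` presumably keeps pointers to these buffers until the request is marshalled after the switch; a comment such as `/* Referenced through logon until the RPC call below; must outlive the switch blocks. */` above them would record that. These variables also hold LM/NT hashes and challenge responses and now stay live for the whole call, so it is worth confirming they are cleared (for example `ZERO_STRUCT(ntpassword);`) before the function returns; the exit paths lie outside these hunks. The `ZERO_STRUCT(lm); ZERO_STRUCT(nt);` kept as context in the third hunk is now redundant with the `= {0}` initialisers and could be dropped.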