The Samba-Bugzilla – Attachment 6413 Details for
Bug 8088
rpccli_samr_chng_pswd_auth_crap segfaults if any input blobs are null
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am fix for 3.5.next
0001-Fix-bug-8088-rpccli_samr_chng_pswd_auth_crap-segfaul.patch (text/plain), 1.86 KB, created by
Jeremy Allison
on 2011-04-18 21:27:23 UTC
(
hide
)
Description:
git-am fix for 3.5.next
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2011-04-18 21:27:23 UTC
Size:
1.86 KB
patch
obsolete
>From 0390ebfa066df4aa824271b677810c7f955c1523 Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Mon, 18 Apr 2011 14:26:09 -0700 >Subject: [PATCH] Fix bug 8088 - rpccli_samr_chng_pswd_auth_crap segfaults if any input blobs are null. > >--- > source3/rpc_client/cli_samr.c | 21 +++++++++++++++++---- > 1 files changed, 17 insertions(+), 4 deletions(-) > >diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c >index ca7a6b4..936f3bb 100644 >--- a/source3/rpc_client/cli_samr.c >+++ b/source3/rpc_client/cli_samr.c >@@ -158,15 +158,28 @@ NTSTATUS rpccli_samr_chng_pswd_auth_crap(struct rpc_pipe_client *cli, > struct samr_Password old_lm_hash_enc; > struct lsa_String server, account; > >+ ZERO_STRUCT(new_nt_password); >+ ZERO_STRUCT(new_lm_password); >+ ZERO_STRUCT(old_nt_hash_enc); >+ ZERO_STRUCT(old_lm_hash_enc); >+ > DEBUG(10,("rpccli_samr_chng_pswd_auth_crap\n")); > > init_lsa_String(&server, cli->srv_name_slash); > init_lsa_String(&account, username); > >- memcpy(&new_nt_password.data, new_nt_password_blob.data, 516); >- memcpy(&new_lm_password.data, new_lm_password_blob.data, 516); >- memcpy(&old_nt_hash_enc.hash, old_nt_hash_enc_blob.data, 16); >- memcpy(&old_lm_hash_enc.hash, old_lm_hash_enc_blob.data, 16); >+ if (new_nt_password_blob.data && new_nt_password_blob.length >= 516) { >+ memcpy(&new_nt_password.data, new_nt_password_blob.data, 516); >+ } >+ if (new_lm_password_blob.data && new_lm_password_blob.length >= 516) { >+ memcpy(&new_lm_password.data, new_lm_password_blob.data, 516); >+ } >+ if (old_nt_hash_enc_blob.data && old_nt_hash_enc_blob.length >= 16) { >+ memcpy(&old_nt_hash_enc.hash, old_nt_hash_enc_blob.data, 16); >+ } >+ if (old_lm_hash_enc_blob.data && old_lm_hash_enc_blob.length >= 16) { >+ memcpy(&old_lm_hash_enc.hash, old_lm_hash_enc_blob.data, 16); >+ } > > result = rpccli_samr_ChangePasswordUser2(cli, mem_ctx, > &server, >-- >1.7.3.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=6413">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
vl
:
review+
Actions:
View
Attachments on
bug 8088
: 6413 |
6416