The Samba-Bugzilla – Attachment 6416 Details for
Bug 8088
rpccli_samr_chng_pswd_auth_crap segfaults if any input blobs are null
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
0001-s3-Fix-checks-in-dcerpc_samr_chng_pswd_auth_crap.patch (text/plain), 1.70 KB, created by
Volker Lendecke
on 2011-04-19 17:19:44 UTC
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Volker Lendecke
Created:
2011-04-19 17:19:44 UTC
Size:
1.70 KB
patch
obsolete
>From e0d674dac50c4b735f45d701ebdbdca768a9b6d1 Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Tue, 19 Apr 2011 19:17:57 +0200 >Subject: [PATCH] s3: Fix checks in dcerpc_samr_chng_pswd_auth_crap > >This applies the same set of checks that went in for bug 8088 >--- > source3/rpc_client/cli_samr.c | 12 ++++++++---- > 1 files changed, 8 insertions(+), 4 deletions(-) > >diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c >index 5baf3e6..fa70709 100644 >--- a/source3/rpc_client/cli_samr.c >+++ b/source3/rpc_client/cli_samr.c >@@ -220,25 +220,29 @@ NTSTATUS dcerpc_samr_chng_pswd_auth_crap(struct dcerpc_binding_handle *h, > init_lsa_String(&server, srv_name_slash); > init_lsa_String(&account, username); > >- if (new_nt_password_blob.length > 0) { >+ if ((new_nt_password_blob.data != NULL) && >+ (new_nt_password_blob.length >= 516)) { > memcpy(&new_nt_password.data, new_nt_password_blob.data, 516); > } else { > ZERO_STRUCT(new_nt_password_blob); > } > >- if (new_lm_password_blob.length > 0) { >+ if ((new_lm_password_blob.data != NULL) && >+ (new_lm_password_blob.length >= 516)) { > memcpy(&new_lm_password.data, new_lm_password_blob.data, 516); > } else { > ZERO_STRUCT(new_lm_password); > } > >- if (old_nt_hash_enc_blob.length > 0) { >+ if ((old_nt_hash_enc_blob.data != NULL) && >+ (old_nt_hash_enc_blob.length >= 16)) { > memcpy(&old_nt_hash_enc.hash, old_nt_hash_enc_blob.data, 16); > } else { > ZERO_STRUCT(old_nt_hash_enc); > } > >- if (old_lm_hash_enc_blob.length > 0) { >+ if ((old_lm_hash_enc_blob.data != NULL) && >+ (old_lm_hash_enc_blob.length >= 16)) { > memcpy(&old_lm_hash_enc.hash, old_lm_hash_enc_blob.data, 16); > } else { > ZERO_STRUCT(old_lm_hash_enc); >-- >1.7.0.4 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 8088
:
6413
| 6416