r545: Handing a NULL blob to base64_encode_data_blob leads to an invalid write of a
authorVolker Lendecke <vlendec@samba.org>
Fri, 7 May 2004 08:42:13 +0000 (08:42 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 15:51:28 +0000 (10:51 -0500)
0 in base64_encode_data_blob. I don't know what the base64 encoding of a NULL
string is, so fix the problematic caller I found. The real fix should go into
base64_encode_data_blob.

Volker
(This used to be commit 55fd1e490efbe91c391c27101166284034cd32ef)

source3/rpc_server/srv_samr_util.c

index dd92e0d90a300f61798169e3fb456f0ff2b0bf16..417a712036a8c23121067e92a9d4f849ecb78d83 100644 (file)
@@ -52,7 +52,8 @@ void copy_id20_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_20 *from)
                old_string = pdb_get_munged_dial(to);
                mung.length = from->hdr_munged_dial.uni_str_len;
                mung.data = (uint8 *) from->uni_munged_dial.buffer;
-               new_string = base64_encode_data_blob(mung);
+               new_string = (mung.length == 0) ?
+                       NULL : base64_encode_data_blob(mung);
                DEBUG(10,("INFO_20 UNI_MUNGED_DIAL: %s -> %s\n",old_string, new_string));
                if (STRING_CHANGED_NC(old_string,new_string))
                        pdb_set_munged_dial(to   , new_string, PDB_CHANGED);
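Review bot: The new guard on `new_string` tests only `mung.length == 0`, while the commit message describes the failure as a NULL blob reaching base64_encode_data_blob; a NULL `from->uni_munged_dial.buffer` paired with a non-zero `hdr_munged_dial.uni_str_len` would still be handed to the encoder. The length and the data pointer are read from two different members of the request structure, and nothing in this hunk shows they were checked against each other, so the condition should cover both: `new_string = (mung.data == NULL || mung.length == 0) ?`. The same applies to the `newstr` assignments in the copy_id21_to_sam_passwd and copy_id23_to_sam_passwd hunks. If the parser already guarantees a non-NULL buffer whenever the length is non-zero, a one-line comment stating that would do instead. copy_id20_to_sam_passwd starts and ends outside the hunk.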
@@ -210,7 +211,8 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from)
                old_string = pdb_get_munged_dial(to);
                mung.length = from->hdr_munged_dial.uni_str_len;
                mung.data = (uint8 *) from->uni_munged_dial.buffer;
-               newstr = base64_encode_data_blob(mung);
+               newstr = (mung.length == 0) ?
+                       NULL : base64_encode_data_blob(mung);
                DEBUG(10,("INFO_21 UNI_MUNGED_DIAL: %s -> %s\n",old_string, newstr));
                if (STRING_CHANGED_NC(old_string,newstr))
                        pdb_set_munged_dial(to   , newstr, PDB_CHANGED);
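Review bot: With this change `newstr` is deliberately NULL for an empty munged-dial value, and the following `DEBUG(10, ...)` line passes it to a `%s` conversion; a NULL argument for `%s` is undefined behaviour in C, and only some printf implementations print a placeholder instead of faulting. Substituting at the call site keeps the log line safe: `DEBUG(10,("INFO_21 UNI_MUNGED_DIAL: %s -> %s\n", old_string ? old_string : "(null)", newstr ? newstr : "(null)"));`. The DEBUG lines in the copy_id20_to_sam_passwd and copy_id23_to_sam_passwd hunks follow the same pattern. Whether the formatter behind DEBUG already tolerates NULL is not visible here, and the enclosing function starts and ends outside the hunk.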
@@ -439,7 +441,8 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_23 *from)
                old_string = pdb_get_munged_dial(to);
                mung.length = from->hdr_munged_dial.uni_str_len;
                mung.data = (uint8 *) from->uni_munged_dial.buffer;
-               newstr = base64_encode_data_blob(mung);
+               newstr = (mung.length == 0) ?
+                       NULL : base64_encode_data_blob(mung);
                DEBUG(10,("INFO_23 UNI_MUNGED_DIAL: %s -> %s\n",old_string, newstr));
                if (STRING_CHANGED_NC(old_string, newstr))
                        pdb_set_munged_dial(to   , newstr, PDB_CHANGED);