auth/credentials: let cli_credentials_set_password() fail if talloc_strdup() fails

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 7f4c15fee18ede2976477f3b051c0df654b1ebed..17f4b5db6a68a4646ab8f3f35c3e7a9b947b9aa6 100644 (file)
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -339,18 +339,31 @@ _PUBLIC_ bool cli_credentials_set_password(struct cli_credentials *cred,
                                  enum credentials_obtained obtained)
 {
        if (obtained >= cred->password_obtained) {
+
+               cred->lm_response = data_blob_null;
+               cred->nt_response = data_blob_null;
+               cred->nt_hash = NULL;
+               cred->password = NULL;
+
+               cli_credentials_invalidate_ccache(cred, obtained);
+
                cred->password_tries = 0;
+
+               if (val == NULL) {
+                       cred->password_obtained = obtained;
+                       return true;
+               }
+
                cred->password = talloc_strdup(cred, val);
-               if (cred->password) {
-                       /* Don't print the actual password in talloc memory dumps */
-                       talloc_set_name_const(cred->password, "password set via cli_credentials_set_password");
+               if (cred->password == NULL) {
+                       return false;
                }
+
+               /* Don't print the actual password in talloc memory dumps */
+               talloc_set_name_const(cred->password,
+                       "password set via cli_credentials_set_password");
                cred->password_obtained = obtained;
-               cli_credentials_invalidate_ccache(cred, cred->password_obtained);
 
-               cred->nt_hash = NULL;
-               cred->lm_response = data_blob(NULL, 0);
-               cred->nt_response = data_blob(NULL, 0);
                return true;
        }