s3-samr: Fix crash bug in _samr_QueryUserInfo{2} level 18.

author Günther Deschner <gd@samba.org>

Fri, 28 May 2010 12:11:53 +0000 (14:11 +0200)

committer Karolin Seeger <kseeger@samba.org>

Fri, 18 Jun 2010 06:33:28 +0000 (08:33 +0200)
author Günther Deschner <gd@samba.org>
Fri, 28 May 2010 12:11:53 +0000 (14:11 +0200)
committer Karolin Seeger <kseeger@samba.org>
Fri, 18 Jun 2010 06:33:28 +0000 (08:33 +0200)
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c

index d50c6c3e0e6316b3422eb1206e169753fa122c41..e98e4aa595a27e4e356d0e1d64e4d44e538fa5ac 100644 (file)
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -2735,6 +2735,8 @@ static NTSTATUS get_user_info_18(pipes_struct *p,
  {
         struct samu *smbpass=NULL;
         bool ret;
+       const uint8_t *nt_pass = NULL;
+       const uint8_t *lm_pass = NULL;
  
         ZERO_STRUCTP(r);
  
@@ -2769,10 +2771,17 @@ static NTSTATUS get_user_info_18(pipes_struct *p,
                 return NT_STATUS_ACCOUNT_DISABLED;
         }
  
-       r->lm_pwd_active = true;
-       r->nt_pwd_active = true;
-       memcpy(r->lm_pwd.hash, pdb_get_lanman_passwd(smbpass), 16);
-       memcpy(r->nt_pwd.hash, pdb_get_nt_passwd(smbpass), 16);
+       lm_pass = pdb_get_lanman_passwd(smbpass);
+       if (lm_pass != NULL) {
+               memcpy(r->lm_pwd.hash, lm_pass, 16);
+               r->lm_pwd_active = true;
+       }
+
+       nt_pass = pdb_get_nt_passwd(smbpass);
+       if (nt_pass != NULL) {
+               memcpy(r->nt_pwd.hash, nt_pass, 16);
+               r->nt_pwd_active = true;
+       }
         r->password_expired = 0; /* FIXME */
  
         TALLOC_FREE(smbpass);
author	Günther Deschner <gd@samba.org>
	Fri, 28 May 2010 12:11:53 +0000 (14:11 +0200)
committer	Karolin Seeger <kseeger@samba.org>
	Fri, 18 Jun 2010 06:33:28 +0000 (08:33 +0200)