dsdb: Do not attempt to return beyond the end of the password history array

author Andrew Bartlett <abartlet@samba.org>

Mon, 1 Sep 2014 21:48:34 +0000 (09:48 +1200)

committer Matthieu Patou <mat@samba.org>

Mon, 13 Oct 2014 06:28:14 +0000 (08:28 +0200)
author Andrew Bartlett <abartlet@samba.org>
Mon, 1 Sep 2014 21:48:34 +0000 (09:48 +1200)
committer Matthieu Patou <mat@samba.org>
Mon, 13 Oct 2014 06:28:14 +0000 (08:28 +0200)
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c

index 409191d12b0f271ca730065129ca6a2ed5c16d6c..a892f2da0f9282827ba97466edc946cd8c9d9e8f 100644 (file)
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -570,7 +570,7 @@ NTSTATUS samdb_result_passwords_from_history(TALLOC_CTX *mem_ctx,
         if (nt_pwd) {
                 unsigned int num_nt;
                 num_nt = samdb_result_hashes(mem_ctx, msg, "ntPwdHistory", &ntPwdHash);
-               if (num_nt < idx) {
+               if (num_nt <= idx) {
                         *nt_pwd = NULL;
                 } else {
                         *nt_pwd = &ntPwdHash[idx];
@@ -583,7 +583,7 @@ NTSTATUS samdb_result_passwords_from_history(TALLOC_CTX *mem_ctx,
                 if (lpcfg_lanman_auth(lp_ctx)) {
                         unsigned int num_lm;
                         num_lm = samdb_result_hashes(mem_ctx, msg, "lmPwdHistory", &lmPwdHash);
-                       if (num_lm < idx) {
+                       if (num_lm <= idx) {
                                 *lm_pwd = NULL;
                         } else {
                                 *lm_pwd = &lmPwdHash[idx];
author	Andrew Bartlett <abartlet@samba.org>
	Mon, 1 Sep 2014 21:48:34 +0000 (09:48 +1200)
committer	Matthieu Patou <mat@samba.org>
	Mon, 13 Oct 2014 06:28:14 +0000 (08:28 +0200)