From 314fb3675722ba125e896c04f3045aa5899c3348 Mon Sep 17 00:00:00 2001 From: Noel Power Date: Mon, 2 Nov 2015 09:59:12 +0000 Subject: [PATCH 1/2] s3: rpcclient: Prevent null ptr access by returning error if no creds available Prevent rpccli_netlogon_password_logon being called with 'NULL' credentials. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11569 Signed-off-by: Noel Power Reviewed-by: Jeremy Allison Reviewed-by: Stefan Metzmacher (cherry picked from commit 89940f39c6d2db03b3a468942d686e762f126f9f) --- source3/rpcclient/cmd_netlogon.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c index 2d1c351..ea63602 100644 --- a/source3/rpcclient/cmd_netlogon.c +++ b/source3/rpcclient/cmd_netlogon.c @@ -800,6 +800,11 @@ static NTSTATUS cmd_netlogon_sam_logon(struct rpc_pipe_client *cli, if (argc == 6) sscanf(argv[5], "%x", &logon_param); + if (rpcclient_netlogon_creds == NULL) { + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + /* Perform the sam logon */ result = rpccli_netlogon_password_logon(rpcclient_netlogon_creds, -- 2.1.4 From a9c424fa5fbc8b5fce4dced748cea2d6bd9350ed Mon Sep 17 00:00:00 2001 From: Noel Power Date: Thu, 22 Oct 2015 12:37:17 +0100 Subject: [PATCH 2/2] s3: winbind: Prevent null ptr access by returning error if no creds available Prevent rpccli_netlogon_network_logon/rpccli_netlogon_password_logon being called with 'NULL' credentials BUG: https://bugzilla.samba.org/show_bug.cgi?id=11569 Signed-off-by: Noel Power Reviewed-by: Jeremy Allison Reviewed-by: Stefan Metzmacher (cherry picked from commit e8fab02773892812f563eea7098847618df76e1b) --- source3/winbindd/winbindd_pam.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index bed2220..a09143f 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -1367,8 +1367,11 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain, return result; } netr_attempts = 0; - - if (interactive && username != NULL && password != NULL) { + if (domain->conn.netlogon_creds == NULL) { + DEBUG(3, ("No security credentials available for " + "domain [%s]\n", domainname)); + result = NT_STATUS_CANT_ACCESS_DOMAIN_INFO; + } else if (interactive && username != NULL && password != NULL) { result = rpccli_netlogon_password_logon(domain->conn.netlogon_creds, netlogon_pipe->binding_handle, mem_ctx, -- 2.1.4