From 87037006bd27601b620d0d31f72261ba968d9567 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Fri, 28 May 2010 14:11:53 +0200
Subject: [PATCH] s3-samr: Fix crash bug in _samr_QueryUserInfo{2} level 18.

Guenther
---
 source3/rpc_server/srv_samr_nt.c |   17 +++++++++++++----
 1 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 09b56ed..0b8e7a5 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -2764,6 +2764,8 @@ static NTSTATUS get_user_info_18(pipes_struct *p,
 {
 	struct samu *smbpass=NULL;
 	bool ret;
+	const uint8_t *nt_pass = NULL;
+	const uint8_t *lm_pass = NULL;
 
 	ZERO_STRUCTP(r);
 
@@ -2798,10 +2800,17 @@ static NTSTATUS get_user_info_18(pipes_struct *p,
 		return NT_STATUS_ACCOUNT_DISABLED;
 	}
 
-	r->lm_pwd_active = true;
-	r->nt_pwd_active = true;
-	memcpy(r->lm_pwd.hash, pdb_get_lanman_passwd(smbpass), 16);
-	memcpy(r->nt_pwd.hash, pdb_get_nt_passwd(smbpass), 16);
+	lm_pass = pdb_get_lanman_passwd(smbpass);
+	if (lm_pass != NULL) {
+		memcpy(r->lm_pwd.hash, lm_pass, 16);
+		r->lm_pwd_active = true;
+	}
+
+	nt_pass = pdb_get_nt_passwd(smbpass);
+	if (nt_pass != NULL) {
+		memcpy(r->nt_pwd.hash, nt_pass, 16);
+		r->nt_pwd_active = true;
+	}
 	r->password_expired = 0; /* FIXME */
 
 	TALLOC_FREE(smbpass);
-- 
1.7.0.1