From 87037006bd27601b620d0d31f72261ba968d9567 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Fri, 28 May 2010 14:11:53 +0200 Subject: [PATCH] s3-samr: Fix crash bug in _samr_QueryUserInfo{2} level 18. Guenther --- source3/rpc_server/srv_samr_nt.c | 17 +++++++++++++---- 1 files changed, 13 insertions(+), 4 deletions(-) diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 09b56ed..0b8e7a5 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -2764,6 +2764,8 @@ static NTSTATUS get_user_info_18(pipes_struct *p, { struct samu *smbpass=NULL; bool ret; + const uint8_t *nt_pass = NULL; + const uint8_t *lm_pass = NULL; ZERO_STRUCTP(r); @@ -2798,10 +2800,17 @@ static NTSTATUS get_user_info_18(pipes_struct *p, return NT_STATUS_ACCOUNT_DISABLED; } - r->lm_pwd_active = true; - r->nt_pwd_active = true; - memcpy(r->lm_pwd.hash, pdb_get_lanman_passwd(smbpass), 16); - memcpy(r->nt_pwd.hash, pdb_get_nt_passwd(smbpass), 16); + lm_pass = pdb_get_lanman_passwd(smbpass); + if (lm_pass != NULL) { + memcpy(r->lm_pwd.hash, lm_pass, 16); + r->lm_pwd_active = true; + } + + nt_pass = pdb_get_nt_passwd(smbpass); + if (nt_pass != NULL) { + memcpy(r->nt_pwd.hash, nt_pass, 16); + r->nt_pwd_active = true; + } r->password_expired = 0; /* FIXME */ TALLOC_FREE(smbpass); -- 1.7.0.1