From e0d674dac50c4b735f45d701ebdbdca768a9b6d1 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 19 Apr 2011 19:17:57 +0200 Subject: [PATCH] s3: Fix checks in dcerpc_samr_chng_pswd_auth_crap This applies the same set of checks that went in for bug 8088 --- source3/rpc_client/cli_samr.c | 12 ++++++++---- 1 files changed, 8 insertions(+), 4 deletions(-) diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c index 5baf3e6..fa70709 100644 --- a/source3/rpc_client/cli_samr.c +++ b/source3/rpc_client/cli_samr.c @@ -220,25 +220,29 @@ NTSTATUS dcerpc_samr_chng_pswd_auth_crap(struct dcerpc_binding_handle *h, init_lsa_String(&server, srv_name_slash); init_lsa_String(&account, username); - if (new_nt_password_blob.length > 0) { + if ((new_nt_password_blob.data != NULL) && + (new_nt_password_blob.length >= 516)) { memcpy(&new_nt_password.data, new_nt_password_blob.data, 516); } else { ZERO_STRUCT(new_nt_password_blob); } - if (new_lm_password_blob.length > 0) { + if ((new_lm_password_blob.data != NULL) && + (new_lm_password_blob.length >= 516)) { memcpy(&new_lm_password.data, new_lm_password_blob.data, 516); } else { ZERO_STRUCT(new_lm_password); } - if (old_nt_hash_enc_blob.length > 0) { + if ((old_nt_hash_enc_blob.data != NULL) && + (old_nt_hash_enc_blob.length >= 16)) { memcpy(&old_nt_hash_enc.hash, old_nt_hash_enc_blob.data, 16); } else { ZERO_STRUCT(old_nt_hash_enc); } - if (old_lm_hash_enc_blob.length > 0) { + if ((old_lm_hash_enc_blob.data != NULL) && + (old_lm_hash_enc_blob.length >= 16)) { memcpy(&old_lm_hash_enc.hash, old_lm_hash_enc_blob.data, 16); } else { ZERO_STRUCT(old_lm_hash_enc); -- 1.7.0.4