r545: Handing a NULL blob to base64_encode_data_blob leads to an invalid write of a (9259481d) · Commits · Software / OSDI20 Artifacts / samba

source3/rpc_server/srv_samr_util.c

+6 −3

Original line number	Diff line number	Diff line
		@@ -52,7 +52,8 @@ void copy_id20_to_sam_passwd(SAM_ACCOUNT to, SAM_USER_INFO_20 from)
		old_string = pdb_get_munged_dial(to);
		mung.length = from->hdr_munged_dial.uni_str_len;
		mung.data = (uint8 *) from->uni_munged_dial.buffer;
		new_string = base64_encode_data_blob(mung);
		new_string = (mung.length == 0) ?
		NULL : base64_encode_data_blob(mung);
		DEBUG(10,("INFO_20 UNI_MUNGED_DIAL: %s -> %s\n",old_string, new_string));
		if (STRING_CHANGED_NC(old_string,new_string))
		pdb_set_munged_dial(to , new_string, PDB_CHANGED);
		@@ -210,7 +211,8 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT to, SAM_USER_INFO_21 from)
		old_string = pdb_get_munged_dial(to);
		mung.length = from->hdr_munged_dial.uni_str_len;
		mung.data = (uint8 *) from->uni_munged_dial.buffer;
		newstr = base64_encode_data_blob(mung);
		newstr = (mung.length == 0) ?
		NULL : base64_encode_data_blob(mung);
		DEBUG(10,("INFO_21 UNI_MUNGED_DIAL: %s -> %s\n",old_string, newstr));
		if (STRING_CHANGED_NC(old_string,newstr))
		pdb_set_munged_dial(to , newstr, PDB_CHANGED);
		@@ -439,7 +441,8 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT to, SAM_USER_INFO_23 from)
		old_string = pdb_get_munged_dial(to);
		mung.length = from->hdr_munged_dial.uni_str_len;
		mung.data = (uint8 *) from->uni_munged_dial.buffer;
		newstr = base64_encode_data_blob(mung);
		newstr = (mung.length == 0) ?
		NULL : base64_encode_data_blob(mung);
		DEBUG(10,("INFO_23 UNI_MUNGED_DIAL: %s -> %s\n",old_string, newstr));
		if (STRING_CHANGED_NC(old_string, newstr))
		pdb_set_munged_dial(to , newstr, PDB_CHANGED);