summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLuke Leighton <lkcl@samba.org>1998-12-20 00:37:24 +0000
committerLuke Leighton <lkcl@samba.org>1998-12-20 00:37:24 +0000
commita15a3f95f2a14ab164ca758e2145444a803190b2 (patch)
treeaabdd59d13296ccdfe2e6002b98edf499236f118
parent090512e18770bab9222a30e68dee83d1612eca10 (diff)
downloadsamba-a15a3f95f2a14ab164ca758e2145444a803190b2.tar.gz
samba-a15a3f95f2a14ab164ca758e2145444a803190b2.tar.xz
samba-a15a3f95f2a14ab164ca758e2145444a803190b2.zip
fix for potential lsass.exe crashing due to negative response from
LsaLookupNames being incorrect. this is a bit wierd: why would the lsass.exe on the nt _client_ crash due to an LsaLookupNames response from a samba _server_?
-rw-r--r--source/include/rpc_lsa.h2
-rw-r--r--source/lsarpcd/srv_lsa.c2
-rw-r--r--source/rpc_parse/parse_lsa.c50
-rw-r--r--source/rpc_server/srv_lsa.c2
4 files changed, 30 insertions, 26 deletions
diff --git a/source/include/rpc_lsa.h b/source/include/rpc_lsa.h
index 1df18a7674d..fd604235662 100644
--- a/source/include/rpc_lsa.h
+++ b/source/include/rpc_lsa.h
@@ -218,7 +218,7 @@ typedef struct dom_ref_info
{
uint32 undoc_buffer; /* undocumented buffer pointer. */
uint32 num_ref_doms_1; /* num referenced domains */
- uint32 undoc_buffer2; /* undocumented domain name buffer pointer. */
+ uint32 ptr_ref_dom; /* pointer to referenced domains */
uint32 max_entries; /* 32 - max number of entries */
uint32 num_ref_doms_2; /* num referenced domains */
diff --git a/source/lsarpcd/srv_lsa.c b/source/lsarpcd/srv_lsa.c
index 5f4f9fb929d..4db97f6d4c0 100644
--- a/source/lsarpcd/srv_lsa.c
+++ b/source/lsarpcd/srv_lsa.c
@@ -177,7 +177,7 @@ static int make_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid)
ref->undoc_buffer = 1;
ref->num_ref_doms_1 = num+1;
- ref->undoc_buffer2 = 1;
+ ref->ptr_ref_dom = 1;
ref->max_entries = MAX_REF_DOMAINS;
ref->num_ref_doms_2 = num+1;
diff --git a/source/rpc_parse/parse_lsa.c b/source/rpc_parse/parse_lsa.c
index 0b294b84f33..239c0847afd 100644
--- a/source/rpc_parse/parse_lsa.c
+++ b/source/rpc_parse/parse_lsa.c
@@ -73,40 +73,44 @@ static void lsa_io_dom_r_ref(char *desc, DOM_R_REF *r_r, prs_struct *ps, int de
prs_uint32("undoc_buffer ", ps, depth, &(r_r->undoc_buffer )); /* undocumented buffer pointer. */
prs_uint32("num_ref_doms_1", ps, depth, &(r_r->num_ref_doms_1)); /* num referenced domains? */
- prs_uint32("undoc_buffer2 ", ps, depth, &(r_r->undoc_buffer2 )); /* undocumented buffer pointer. */
+ prs_uint32("ptr_ref_dom ", ps, depth, &(r_r->ptr_ref_dom )); /* undocumented buffer pointer. */
prs_uint32("max_entries ", ps, depth, &(r_r->max_entries )); /* 32 - max number of entries */
- prs_uint32("num_ref_doms_2", ps, depth, &(r_r->num_ref_doms_2)); /* 4 - num referenced domains? */
SMB_ASSERT_ARRAY(r_r->hdr_ref_dom, r_r->num_ref_doms_1);
- SMB_ASSERT_ARRAY(r_r->ref_dom, r_r->num_ref_doms_2);
- for (i = 0; i < r_r->num_ref_doms_1; i++)
+ if (r_r->ptr_ref_dom != 0)
{
- fstring t;
+ prs_uint32("num_ref_doms_2", ps, depth, &(r_r->num_ref_doms_2)); /* 4 - num referenced domains? */
+ SMB_ASSERT_ARRAY(r_r->ref_dom, r_r->num_ref_doms_2);
- slprintf(t, sizeof(t) - 1, "dom_ref[%d] ", i);
- smb_io_unihdr(t, &(r_r->hdr_ref_dom[i].hdr_dom_name), ps, depth);
-
- slprintf(t, sizeof(t) - 1, "sid_ptr[%d] ", i);
- prs_uint32(t, ps, depth, &(r_r->hdr_ref_dom[i].ptr_dom_sid));
- }
-
- for (i = 0, n = 0, s = 0; i < r_r->num_ref_doms_2; i++)
- {
- fstring t;
-
- if (r_r->hdr_ref_dom[i].hdr_dom_name.buffer != 0)
+ for (i = 0; i < r_r->num_ref_doms_1; i++)
{
+ fstring t;
+
slprintf(t, sizeof(t) - 1, "dom_ref[%d] ", i);
- smb_io_unistr2(t, &(r_r->ref_dom[n].uni_dom_name), True, ps, depth); /* domain name unicode string */
- n++;
+ smb_io_unihdr(t, &(r_r->hdr_ref_dom[i].hdr_dom_name), ps, depth);
+
+ slprintf(t, sizeof(t) - 1, "sid_ptr[%d] ", i);
+ prs_uint32(t, ps, depth, &(r_r->hdr_ref_dom[i].ptr_dom_sid));
}
- if (r_r->hdr_ref_dom[i].ptr_dom_sid != 0)
+ for (i = 0, n = 0, s = 0; i < r_r->num_ref_doms_2; i++)
{
- slprintf(t, sizeof(t) - 1, "sid_ptr[%d] ", i);
- smb_io_dom_sid2("", &(r_r->ref_dom[s].ref_dom), ps, depth); /* referenced domain SIDs */
- s++;
+ fstring t;
+
+ if (r_r->hdr_ref_dom[i].hdr_dom_name.buffer != 0)
+ {
+ slprintf(t, sizeof(t) - 1, "dom_ref[%d] ", i);
+ smb_io_unistr2(t, &(r_r->ref_dom[n].uni_dom_name), True, ps, depth); /* domain name unicode string */
+ n++;
+ }
+
+ if (r_r->hdr_ref_dom[i].ptr_dom_sid != 0)
+ {
+ slprintf(t, sizeof(t) - 1, "sid_ptr[%d] ", i);
+ smb_io_dom_sid2("", &(r_r->ref_dom[s].ref_dom), ps, depth); /* referenced domain SIDs */
+ s++;
+ }
}
}
}
diff --git a/source/rpc_server/srv_lsa.c b/source/rpc_server/srv_lsa.c
index 5f4f9fb929d..4db97f6d4c0 100644
--- a/source/rpc_server/srv_lsa.c
+++ b/source/rpc_server/srv_lsa.c
@@ -177,7 +177,7 @@ static int make_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid)
ref->undoc_buffer = 1;
ref->num_ref_doms_1 = num+1;
- ref->undoc_buffer2 = 1;
+ ref->ptr_ref_dom = 1;
ref->max_entries = MAX_REF_DOMAINS;
ref->num_ref_doms_2 = num+1;