From f11edc1741ea584552e608947cc08956c67cbf9e Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 29 Nov 2022 15:42:27 +0100 Subject: [PATCH] CVE-2022-37966 s4:libnet: initialize libnet_SetPassword() arguments explicitly to zero by default. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237 Signed-off-by: Stefan Metzmacher Reviewed-by: Joseph Sutton Reviewed-by: Andrew Bartlett (cherry picked from commit 9e69289b099b47e0352ef67ef7e6529d11688e9a) --- source4/libnet/libnet_join.c | 4 ++-- source4/libnet/libnet_passwd.c | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/source4/libnet/libnet_join.c b/source4/libnet/libnet_join.c index 825a81579cc..d1afb4f22b9 100644 --- a/source4/libnet/libnet_join.c +++ b/source4/libnet/libnet_join.c @@ -487,8 +487,8 @@ NTSTATUS libnet_JoinDomain(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, stru const char *password_str = NULL; r->out.error_string = NULL; - r2.samr_handle.out.error_string = NULL; - + ZERO_STRUCT(r2); + tmp_ctx = talloc_named(mem_ctx, 0, "libnet_Join temp context"); if (!tmp_ctx) { r->out.error_string = NULL; diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c index 2bb7e392bd8..d97e05c58ec 100644 --- a/source4/libnet/libnet_passwd.c +++ b/source4/libnet/libnet_passwd.c @@ -834,6 +834,7 @@ static NTSTATUS libnet_SetPassword_samr(struct libnet_context *ctx, TALLOC_CTX * goto disconnect; } + ZERO_STRUCT(r2); r2.samr_handle.level = LIBNET_SET_PASSWORD_SAMR_HANDLE; r2.samr_handle.in.account_name = r->samr.in.account_name; r2.samr_handle.in.newpassword = r->samr.in.newpassword; @@ -857,6 +858,7 @@ static NTSTATUS libnet_SetPassword_generic(struct libnet_context *ctx, TALLOC_CT NTSTATUS status; union libnet_SetPassword r2; + ZERO_STRUCT(r2); r2.samr.level = LIBNET_SET_PASSWORD_SAMR; r2.samr.in.account_name = r->generic.in.account_name; r2.samr.in.domain_name = r->generic.in.domain_name; -- 2.47.2