libwbclient: wbcAuthenticateUserEx() be more strict regarding invalid parameters

author Stefan Metzmacher <metze@samba.org>

Fri, 15 Feb 2008 09:30:15 +0000 (10:30 +0100)

committer Stefan Metzmacher <metze@samba.org>

Fri, 15 Feb 2008 10:55:17 +0000 (11:55 +0100)
author Stefan Metzmacher <metze@samba.org>
Fri, 15 Feb 2008 09:30:15 +0000 (10:30 +0100)
committer Stefan Metzmacher <metze@samba.org>
Fri, 15 Feb 2008 10:55:17 +0000 (11:55 +0100)
diff --git a/source/nsswitch/libwbclient/wbc_pam.c b/source/nsswitch/libwbclient/wbc_pam.c

index e7bcdfe20d7af826a5fda704097611ce5479745e..cf56a8b6d6d08f959f91e890570ee1e078b754f1 100644 (file)
--- a/source/nsswitch/libwbclient/wbc_pam.c
+++ b/source/nsswitch/libwbclient/wbc_pam.c
@@ -265,11 +265,10 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
                              struct wbcAuthErrorInfo **error)
  {
         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
-       int cmd;
+       int cmd = 0;
         struct winbindd_request request;
         struct winbindd_response response;
  
-
         ZERO_STRUCT(request);
         ZERO_STRUCT(response);
  
@@ -282,6 +281,11 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
                 BAIL_ON_WBC_ERROR(wbc_status);
         }
  
+       if (!params->account_name) {
+               wbc_status = WBC_ERR_INVALID_PARAM;
+               BAIL_ON_WBC_ERROR(wbc_status);
+       }
+
         /* Initialize request */
  
         switch (params->level) {
@@ -301,12 +305,36 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
                                 WBFLAG_PAM_USER_SESSION_KEY |
                                 WBFLAG_PAM_LMKEY;
  
+               if (params->password.response.lm_length &&
+                   params->password.response.lm_data) {
+                       wbc_status = WBC_ERR_INVALID_PARAM;
+                       BAIL_ON_WBC_ERROR(wbc_status);
+               }
+               if (params->password.response.lm_length == 0 &&
+                   params->password.response.lm_data) {
+                       wbc_status = WBC_ERR_INVALID_PARAM;
+                       BAIL_ON_WBC_ERROR(wbc_status);
+               }
+
+               if (params->password.response.nt_length &&
+                   !params->password.response.nt_data) {
+                       wbc_status = WBC_ERR_INVALID_PARAM;
+                       BAIL_ON_WBC_ERROR(wbc_status);
+               }
+               if (params->password.response.nt_length == 0&&
+                   params->password.response.nt_data) {
+                       wbc_status = WBC_ERR_INVALID_PARAM;
+                       BAIL_ON_WBC_ERROR(wbc_status);
+               }
+
                 strncpy(request.data.auth_crap.user,
                         params->account_name,
                         sizeof(request.data.auth_crap.user)-1);
-               strncpy(request.data.auth_crap.domain,
-                       params->domain_name,
-                       sizeof(request.data.auth_crap.domain)-1);
+               if (params->domain_name) {
+                       strncpy(request.data.auth_crap.domain,
+                               params->domain_name,
+                               sizeof(request.data.auth_crap.domain)-1);
+               }
                 if (params->workstation_name) {
                         strncpy(request.data.auth_crap.workstation,
                                 params->workstation_name,
@@ -326,16 +354,24 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
                 request.data.auth_crap.nt_resp_len =
                                 MIN(params->password.response.nt_length,
                                     sizeof(request.data.auth_crap.nt_resp));
-               memcpy(request.data.auth_crap.lm_resp,
-                      params->password.response.lm_data,
-                      request.data.auth_crap.lm_resp_len);
-               memcpy(request.data.auth_crap.nt_resp,
-                      params->password.response.nt_data,
-                      request.data.auth_crap.nt_resp_len);
-
+               if (params->password.response.lm_data) {
+                       memcpy(request.data.auth_crap.lm_resp,
+                              params->password.response.lm_data,
+                              request.data.auth_crap.lm_resp_len);
+               }
+               if (params->password.response.nt_data) {
+                       memcpy(request.data.auth_crap.nt_resp,
+                              params->password.response.nt_data,
+                              request.data.auth_crap.nt_resp_len);
+               }
                 break;
         }
  
+       if (cmd == 0) {
+               wbc_status = WBC_ERR_INVALID_PARAM;
+               BAIL_ON_WBC_ERROR(wbc_status);
+       }
+
         wbc_status = wbcRequestResponse(cmd,
                                         &request,
                                         &response);
author	Stefan Metzmacher <metze@samba.org>
	Fri, 15 Feb 2008 09:30:15 +0000 (10:30 +0100)
committer	Stefan Metzmacher <metze@samba.org>
	Fri, 15 Feb 2008 10:55:17 +0000 (11:55 +0100)