From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Mon, 30 Oct 2023 23:14:27 +0000 (+1300)
Subject: s4:rpc_server: Properly initialize ‘lsa_CreateTrustedDomainEx2’ structure (CID 1499404)
X-Git-Tag: talloc-2.4.2~872
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1372ef0ef46f6eee615c2fffd5286e96aeb8417a;p=thirdparty%2Fsamba.git

s4:rpc_server: Properly initialize ‘lsa_CreateTrustedDomainEx2’ structure (CID 1499404)

dcesrv_lsa_CreateTrustedDomain_base() invokes DCESRV_PULL_HANDLE(),
which invokes DCESRV_PULL_HANDLE_RETVAL(), which invokes
DCESRV_CHECK_HANDLE(), which might invoke DCESRV_FAULT(), which accesses
r2.out.result, which is uninitialized — invoking undefined behaviour.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Nov  2 04:04:49 UTC 2023 on atb-devel-224
---

diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index d1342747e88..206c002f907 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -1431,7 +1431,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomainEx(struct dcesrv_call_state *dce_c
 					  TALLOC_CTX *mem_ctx,
 					  struct lsa_CreateTrustedDomainEx *r)
 {
-	struct lsa_CreateTrustedDomainEx2 r2;
+	struct lsa_CreateTrustedDomainEx2 r2 = {};
 
 	r2.in.policy_handle = r->in.policy_handle;
 	r2.in.info = r->in.info;