From: Stefan Metzmacher Date: Fri, 15 Feb 2008 09:30:15 +0000 (+0100) Subject: libwbclient: wbcAuthenticateUserEx() be more strict regarding invalid parameters X-Git-Tag: samba-3.2.0pre2~37^2~162^2~26 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=491ba9c0c9d479bc686c75242a3749f14d103fcd;p=thirdparty%2Fsamba.git libwbclient: wbcAuthenticateUserEx() be more strict regarding invalid parameters metze --- diff --git a/source/nsswitch/libwbclient/wbc_pam.c b/source/nsswitch/libwbclient/wbc_pam.c index e7bcdfe20d7..cf56a8b6d6d 100644 --- a/source/nsswitch/libwbclient/wbc_pam.c +++ b/source/nsswitch/libwbclient/wbc_pam.c @@ -265,11 +265,10 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, struct wbcAuthErrorInfo **error) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; - int cmd; + int cmd = 0; struct winbindd_request request; struct winbindd_response response; - ZERO_STRUCT(request); ZERO_STRUCT(response); @@ -282,6 +281,11 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, BAIL_ON_WBC_ERROR(wbc_status); } + if (!params->account_name) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + /* Initialize request */ switch (params->level) { 
@@ -301,12 +305,36 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, WBFLAG_PAM_USER_SESSION_KEY | WBFLAG_PAM_LMKEY; + if (params->password.response.lm_length && + params->password.response.lm_data) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + if (params->password.response.lm_length == 0 && + params->password.response.lm_data) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + if (params->password.response.nt_length && + !params->password.response.nt_data) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + if (params->password.response.nt_length == 0&& + params->password.response.nt_data) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + strncpy(request.data.auth_crap.user, params->account_name, sizeof(request.data.auth_crap.user)-1); - strncpy(request.data.auth_crap.domain, - params->domain_name, - sizeof(request.data.auth_crap.domain)-1); + if (params->domain_name) { + strncpy(request.data.auth_crap.domain, + params->domain_name, + sizeof(request.data.auth_crap.domain)-1); + } if (params->workstation_name) { strncpy(request.data.auth_crap.workstation, params->workstation_name, 
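Review bot: The first LM check is missing a negation: `if (params->password.response.lm_length && params->password.response.lm_data)` bails out with WBC_ERR_INVALID_PARAM exactly when both a length and a buffer are supplied, which is the valid case, while a non-zero lm_length with a NULL lm_data passes. Together with the following `lm_length == 0 && lm_data` check, every caller that supplies LM data is rejected. The condition should mirror the NT check below it: `params->password.response.lm_length && !params->password.response.lm_data`. A smaller style point in the same hunk is `nt_length == 0&&`, which wants a space before `&&`. The enclosing switch case starts above the hunk and continues past it.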
@@ -326,16 +354,24 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, request.data.auth_crap.nt_resp_len = MIN(params->password.response.nt_length, sizeof(request.data.auth_crap.nt_resp)); - memcpy(request.data.auth_crap.lm_resp, - params->password.response.lm_data, - request.data.auth_crap.lm_resp_len); - memcpy(request.data.auth_crap.nt_resp, - params->password.response.nt_data, - request.data.auth_crap.nt_resp_len); - + if (params->password.response.lm_data) { + memcpy(request.data.auth_crap.lm_resp, + params->password.response.lm_data, + request.data.auth_crap.lm_resp_len); + } + if (params->password.response.nt_data) { + memcpy(request.data.auth_crap.nt_resp, + params->password.response.nt_data, + request.data.auth_crap.nt_resp_len); + } break; } + if (cmd == 0) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + wbc_status = wbcRequestResponse(cmd, &request, &response);
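Review bot: An over-long response is still truncated rather than rejected: the context line clamps nt_resp_len with `MIN(params->password.response.nt_length, sizeof(request.data.auth_crap.nt_resp))`, so a caller passing more bytes than the request buffer holds gets a silently shortened authentication blob that would presumably only fail later, at the server. Since this commit is about strict parameter checking, a guard such as `if (params->password.response.nt_length > sizeof(request.data.auth_crap.nt_resp))` returning WBC_ERR_INVALID_PARAM before the clamp would surface the error at the API boundary. lm_length presumably deserves the same check, but its clamp is outside the hunk. The new `if (cmd == 0)` test would also benefit from a comment such as `/* no case in the switch above set a command: unsupported params->level */`.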