s3:rpcclient - fix NULL deref caused by user error with chgpasswd3
I misremembered the arguments to pass this one from CLI and crashed it.

```
rpcclient $> chgpasswd3 smbuser Dogs1234
Segmentation fault (core dumped)
root@fbsd12:/usr/ports/net/samba # gdb /usr/local/bin/rpcclient rpcclient.core
Core was generated by `rpcclient //192.168.1.120 -U smbuser%Cats1234'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000000080ea5bfaf in strlen () from /lib/libc.so.7
(gdb) bt
#0 0x000000080ea5bfaf in strlen () from /lib/libc.so.7
#1 0x0000000803757f63 in push_ucs2_talloc (ctx=0x0, dest=0x7fffffffe130, src=0x0,
converted_size=0x7fffffffe138) at ../../lib/util/charset/pull_push.c:41
#2 0x0000000805a7f563 in E_md4hash (passwd=0x0, p16=0x7fffffffe1c0 ",\265\343\030\307Q=\326")
at ../../libcli/auth/smbencrypt.c:89
#3 0x00000000010a2db3 in dcerpc_samr_chgpasswd_user3 (h=0x80f70bc60, mem_ctx=0x80f6c83e0,
srv_name_slash=0x80f710590 "\\\\192.168.1.120", username=0x802dfe06b "smbuser", newpassword=0x0,
oldpassword=0x802dfe073 "Dogs1234", dominfo1=0x7fffffffe6d0, reject=0x7fffffffe6c8,
presult=0x7fffffffe680) at ../../source3/rpc_client/cli_samr.c:374
#4 0x00000000010a308d in rpccli_samr_chgpasswd_user3 (cli=<optimized out>, mem_ctx=0x7fffffffe130,
username=0x0,
newpassword=0xfefefefefefefeff <error: Cannot access memory at address 0xfefefefefefefeff>,
oldpassword=0x8080808080808080 <error: Cannot access memory at address 0x8080808080808080>,
dominfo1=0x0, reject=0x7fffffffe6c8) at ../../source3/rpc_client/cli_samr.c:451
#5 0x00000000010bbf54 in cmd_samr_chgpasswd3 (cli=0x80f7263e0, mem_ctx=0x80f6c83e0,
argc=<optimized out>, argv=<optimized out>) at ../../source3/rpcclient/cmd_samr.c:3070
#6 0x00000000010b3135 in do_cmd (cli=<optimized out>, auth_info=<optimized out>,
cmd_entry=<optimized out>, binding=<optimized out>, argc=3, argv=0x802dfe040)
at ../../source3/rpcclient/rpcclient.c:916
#7 process_cmd (auth_info=<optimized out>, cli=<optimized out>, binding=<optimized out>,
cmd=<optimized out>) at ../../source3/rpcclient/rpcclient.c:971
#8 0x00000000010b2b6c in main (argc=<optimized out>, argv=<optimized out>)
at ../../source3/rpcclient/rpcclient.c:1294
```

Checklist
- Commits have Signed-off-by: with name/author being identical to the commit author
- (optional) This MR is just one part towards a larger feature.
- (optional, if backport required) Bugzilla bug filed and BUG: tag added
- Test suite updated with functionality tests
- Test suite updated with negative tests
- Documentation updated
- CI timeout is 3h or higher (see Settings/CICD/General pipelines/Timeout)

Reviewer's checklist:
- There is a test suite reasonably covering new functionality or modifications
- Function naming, parameters, return values, types, etc., are consistent and according to README.Coding.md
- This feature/change has adequate documentation added
- No obvious mistakes in the code
Edited by Andrew Walker
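
An added example, not Samba's code and not the fix from this merge request: the crash class shown in the backtrace (a command run with `argc=3`, a NULL `newpassword`, and a `strlen()` several frames down) guarded at two layers. All names here (`cmd_status`, `hash_password`, `cmd_chgpasswd3_checked`, the `demo_*` functions) are hypothetical, and the argument order (user, old password, new password) is taken from frame #3.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical status codes for this example, not Samba's NTSTATUS values. */
enum cmd_status { CMD_OK, CMD_USAGE, CMD_INVALID_PARAMETER };

/* Stand-in for a helper that ends up in strlen(), like frames #0-#2 above.
 * Second line of defence: reject NULL rather than dereference it. */
static enum cmd_status hash_password(const char *passwd, size_t *len_out)
{
    if (passwd == NULL || len_out == NULL) return CMD_INVALID_PARAMETER;
    *len_out = strlen(passwd);
    return CMD_OK;
}

/* Handler layout assumed here: argv[0] command, then user, old, new. */
static enum cmd_status cmd_chgpasswd3_checked(int argc, const char **argv)
{
    size_t old_len = 0, new_len = 0;
    enum cmd_status st;
    if (argc != 4) {
        /* First line of defence: usage error before argv[3] is read. */
        return CMD_USAGE;
    }
    st = hash_password(argv[2], &old_len);
    return (st != CMD_OK) ? st : hash_password(argv[3], &new_len);
}

/* Constructed input mirroring the session above: two arguments, argc == 3. */
enum cmd_status demo_missing_newpass(void)
{
    const char *argv[] = { "chgpasswd3", "smbuser", "Dogs1234", NULL };
    return cmd_chgpasswd3_checked(3, argv);
}

/* Constructed input with all three arguments present. */
enum cmd_status demo_complete(void)
{
    const char *argv[] = { "chgpasswd3", "smbuser", "Cats1234", "Dogs1234", NULL };
    return cmd_chgpasswd3_checked(4, argv);
}

/* The helper-level guard on its own, as if a caller skipped the argc check. */
enum cmd_status demo_null_to_helper(void)
{
    size_t n = 0;
    return hash_password(NULL, &n);
}
```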