From a2b0dcbb525b7aa3a6f79ca8f8cca4ef7fc2f8f7 Mon Sep 17 00:00:00 2001

From: Andreas Schneider <asn@samba.org>

Date: Tue, 16 Jul 2019 15:45:51 +0200

Subject: [PATCH 060/187] s3:rpcclient: Use a stackframe for temporary memory

Signed-off-by: Andreas Schneider <asn@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>

(cherry picked from commit 9158a6ba8693070f3b2b71dd15089488869ab6cd)

---

 source3/rpcclient/cmd_samr.c | 56 +++++++++++++++++++++++++-----------

 1 file changed, 39 insertions(+), 17 deletions(-)

diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c

index b1b7c06515c..0cd8b50058e 100644

--- a/source3/rpcclient/cmd_samr.c

+++ b/source3/rpcclient/cmd_samr.c

@@ -3043,6 +3043,7 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,

 	DATA_BLOB session_key;

 	uint8_t password_expired = 0;

 	struct dcerpc_binding_handle *b = cli->binding_handle;

+	TALLOC_CTX *frame = NULL;

 	if (argc < 4) {

 		printf("Usage: %s username level password [password_expired]\n",

@@ -3050,6 +3051,8 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,

 		return NT_STATUS_INVALID_PARAMETER;

 	}

+	frame = talloc_stackframe();

+

 	user = argv[1];

 	level = atoi(argv[2]);

 	param = argv[3];

@@ -3058,18 +3061,18 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,

 		password_expired = atoi(argv[4]);

 	}

-	status = cli_get_session_key(mem_ctx, cli, &session_key);

+	status = cli_get_session_key(frame, cli, &session_key);

 	if (!NT_STATUS_IS_OK(status)) {

-		return status;

+		goto done;

 	}

 	status = init_samr_CryptPassword(param, &session_key, &pwd_buf);

 	if (!NT_STATUS_IS_OK(status)) {

-		return status;

+		goto done;

 	}

 	status = init_samr_CryptPasswordEx(param, &session_key, &pwd_buf_ex);

 	if (!NT_STATUS_IS_OK(status)) {

-		return status;

+		goto done;

 	}

 	nt_lm_owf_gen(param, nt_hash, lm_hash);

@@ -3078,14 +3081,22 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,

 		{

 			DATA_BLOB in,out;

 			in = data_blob_const(nt_hash, 16);

-			out = data_blob_talloc_zero(mem_ctx, 16);

+			out = data_blob_talloc_zero(frame, 16);

+			if (out.data == NULL) {

+				status = NT_STATUS_NO_MEMORY;

+				goto done;

+			}

 			sess_crypt_blob(&out, &in, &session_key, true);

 			memcpy(nt_hash, out.data, out.length);

 		}

 		{

 			DATA_BLOB in,out;

 			in = data_blob_const(lm_hash, 16);

-			out = data_blob_talloc_zero(mem_ctx, 16);

+			out = data_blob_talloc_zero(frame, 15);

+			if (out.data == NULL) {

+				status = NT_STATUS_NO_MEMORY;

+				goto done;

+			}

 			sess_crypt_blob(&out, &in, &session_key, true);

 			memcpy(lm_hash, out.data, out.length);

 		}

@@ -3118,18 +3129,26 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,

 		{

 			DATA_BLOB in,out;

 			in = data_blob_const(nt_hash, 16);

-			out = data_blob_talloc_zero(mem_ctx, 16);

+			out = data_blob_talloc_zero(frame, 16);

+			if (out.data == NULL) {

+				status = NT_STATUS_NO_MEMORY;

+				goto done;

+			}

 			sess_crypt_blob(&out, &in, &session_key, true);

 			info.info21.nt_owf_password.array =

-				(uint16_t *)talloc_memdup(mem_ctx, out.data, 16);

+				(uint16_t *)talloc_memdup(frame, out.data, 16);

 		}

 		{

 			DATA_BLOB in,out;

 			in = data_blob_const(lm_hash, 16);

-			out = data_blob_talloc_zero(mem_ctx, 16);

+			out = data_blob_talloc_zero(frame, 16);

 			sess_crypt_blob(&out, &in, &session_key, true);

 			info.info21.lm_owf_password.array =

-				(uint16_t *)talloc_memdup(mem_ctx, out.data, 16);

+				(uint16_t *)talloc_memdup(frame, out.data, 16);

+			if (out.data == NULL) {

+				status = NT_STATUS_NO_MEMORY;

+				goto done;

+			}

 		}

 		break;

@@ -3175,7 +3194,7 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,

 	/* Get sam policy handle */

-	status = rpccli_try_samr_connects(cli, mem_ctx,

+	status = rpccli_try_samr_connects(cli, frame,

 					  MAXIMUM_ALLOWED_ACCESS,

 					  &connect_pol);

 	if (!NT_STATUS_IS_OK(status)) {

@@ -3184,7 +3203,7 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,

 	/* Get domain policy handle */

-	status = dcerpc_samr_OpenDomain(b, mem_ctx,

+	status = dcerpc_samr_OpenDomain(b, frame,

 					&connect_pol,

 					access_mask,

 					&domain_sid,

@@ -3200,7 +3219,7 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,

 	user_rid = strtol(user, NULL, 0);

 	if (user_rid) {

-		status = dcerpc_samr_OpenUser(b, mem_ctx,

+		status = dcerpc_samr_OpenUser(b, frame,

 					      &domain_pol,

 					      access_mask,

 					      user_rid,

@@ -3222,7 +3241,7 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,

 		init_lsa_String(&lsa_acct_name, user);

-		status = dcerpc_samr_LookupNames(b, mem_ctx,

+		status = dcerpc_samr_LookupNames(b, frame,

 						 &domain_pol,

 						 1,

 						 &lsa_acct_name,

@@ -3242,7 +3261,7 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,

 			return NT_STATUS_INVALID_NETWORK_RESPONSE;

 		}

-		status = dcerpc_samr_OpenUser(b, mem_ctx,

+		status = dcerpc_samr_OpenUser(b, frame,

 					      &domain_pol,

 					      access_mask,

 					      rids.ids[0],

@@ -3258,14 +3277,14 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,

 	switch (opcode) {

 	case NDR_SAMR_SETUSERINFO:

-		status = dcerpc_samr_SetUserInfo(b, mem_ctx,

+		status = dcerpc_samr_SetUserInfo(b, frame,

 						 &user_pol,

 						 level,

 						 &info,

 						 &result);

 		break;

 	case NDR_SAMR_SETUSERINFO2:

-		status = dcerpc_samr_SetUserInfo2(b, mem_ctx,

+		status = dcerpc_samr_SetUserInfo2(b, frame,

 						  &user_pol,

 						  level,

 						  &info,

@@ -3283,7 +3302,10 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,

 		DEBUG(0,("result: %s\n", nt_errstr(status)));

 		goto done;

 	}

+

+	status = NT_STATUS_OK;

  done:

+	TALLOC_FREE(frame);

 	return status;

 }

-- 

2.23.0