Blob Blame History Raw
From a2b0dcbb525b7aa3a6f79ca8f8cca4ef7fc2f8f7 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 16 Jul 2019 15:45:51 +0200
Subject: [PATCH 060/187] s3:rpcclient: Use a stackframe for temporary memory

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 9158a6ba8693070f3b2b71dd15089488869ab6cd)
---
 source3/rpcclient/cmd_samr.c | 56 +++++++++++++++++++++++++-----------
 1 file changed, 39 insertions(+), 17 deletions(-)

diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index b1b7c06515c..0cd8b50058e 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -3043,6 +3043,7 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
 	DATA_BLOB session_key;
 	uint8_t password_expired = 0;
 	struct dcerpc_binding_handle *b = cli->binding_handle;
+	TALLOC_CTX *frame = NULL;
 
 	if (argc < 4) {
 		printf("Usage: %s username level password [password_expired]\n",
@@ -3050,6 +3051,8 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
+	frame = talloc_stackframe();
+
 	user = argv[1];
 	level = atoi(argv[2]);
 	param = argv[3];
@@ -3058,18 +3061,18 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
 		password_expired = atoi(argv[4]);
 	}
 
-	status = cli_get_session_key(mem_ctx, cli, &session_key);
+	status = cli_get_session_key(frame, cli, &session_key);
 	if (!NT_STATUS_IS_OK(status)) {
-		return status;
+		goto done;
 	}
 
 	status = init_samr_CryptPassword(param, &session_key, &pwd_buf);
 	if (!NT_STATUS_IS_OK(status)) {
-		return status;
+		goto done;
 	}
 	status = init_samr_CryptPasswordEx(param, &session_key, &pwd_buf_ex);
 	if (!NT_STATUS_IS_OK(status)) {
-		return status;
+		goto done;
 	}
 	nt_lm_owf_gen(param, nt_hash, lm_hash);
 
@@ -3078,14 +3081,22 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
 		{
 			DATA_BLOB in,out;
 			in = data_blob_const(nt_hash, 16);
-			out = data_blob_talloc_zero(mem_ctx, 16);
+			out = data_blob_talloc_zero(frame, 16);
+			if (out.data == NULL) {
+				status = NT_STATUS_NO_MEMORY;
+				goto done;
+			}
 			sess_crypt_blob(&out, &in, &session_key, true);
 			memcpy(nt_hash, out.data, out.length);
 		}
 		{
 			DATA_BLOB in,out;
 			in = data_blob_const(lm_hash, 16);
-			out = data_blob_talloc_zero(mem_ctx, 16);
+			out = data_blob_talloc_zero(frame, 15);
+			if (out.data == NULL) {
+				status = NT_STATUS_NO_MEMORY;
+				goto done;
+			}
 			sess_crypt_blob(&out, &in, &session_key, true);
 			memcpy(lm_hash, out.data, out.length);
 		}
@@ -3118,18 +3129,26 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
 		{
 			DATA_BLOB in,out;
 			in = data_blob_const(nt_hash, 16);
-			out = data_blob_talloc_zero(mem_ctx, 16);
+			out = data_blob_talloc_zero(frame, 16);
+			if (out.data == NULL) {
+				status = NT_STATUS_NO_MEMORY;
+				goto done;
+			}
 			sess_crypt_blob(&out, &in, &session_key, true);
 			info.info21.nt_owf_password.array =
-				(uint16_t *)talloc_memdup(mem_ctx, out.data, 16);
+				(uint16_t *)talloc_memdup(frame, out.data, 16);
 		}
 		{
 			DATA_BLOB in,out;
 			in = data_blob_const(lm_hash, 16);
-			out = data_blob_talloc_zero(mem_ctx, 16);
+			out = data_blob_talloc_zero(frame, 16);
 			sess_crypt_blob(&out, &in, &session_key, true);
 			info.info21.lm_owf_password.array =
-				(uint16_t *)talloc_memdup(mem_ctx, out.data, 16);
+				(uint16_t *)talloc_memdup(frame, out.data, 16);
+			if (out.data == NULL) {
+				status = NT_STATUS_NO_MEMORY;
+				goto done;
+			}
 		}
 
 		break;
@@ -3175,7 +3194,7 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
 
 	/* Get sam policy handle */
 
-	status = rpccli_try_samr_connects(cli, mem_ctx,
+	status = rpccli_try_samr_connects(cli, frame,
 					  MAXIMUM_ALLOWED_ACCESS,
 					  &connect_pol);
 	if (!NT_STATUS_IS_OK(status)) {
@@ -3184,7 +3203,7 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
 
 	/* Get domain policy handle */
 
-	status = dcerpc_samr_OpenDomain(b, mem_ctx,
+	status = dcerpc_samr_OpenDomain(b, frame,
 					&connect_pol,
 					access_mask,
 					&domain_sid,
@@ -3200,7 +3219,7 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
 
 	user_rid = strtol(user, NULL, 0);
 	if (user_rid) {
-		status = dcerpc_samr_OpenUser(b, mem_ctx,
+		status = dcerpc_samr_OpenUser(b, frame,
 					      &domain_pol,
 					      access_mask,
 					      user_rid,
@@ -3222,7 +3241,7 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
 
 		init_lsa_String(&lsa_acct_name, user);
 
-		status = dcerpc_samr_LookupNames(b, mem_ctx,
+		status = dcerpc_samr_LookupNames(b, frame,
 						 &domain_pol,
 						 1,
 						 &lsa_acct_name,
@@ -3242,7 +3261,7 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
 			return NT_STATUS_INVALID_NETWORK_RESPONSE;
 		}
 
-		status = dcerpc_samr_OpenUser(b, mem_ctx,
+		status = dcerpc_samr_OpenUser(b, frame,
 					      &domain_pol,
 					      access_mask,
 					      rids.ids[0],
@@ -3258,14 +3277,14 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
 
 	switch (opcode) {
 	case NDR_SAMR_SETUSERINFO:
-		status = dcerpc_samr_SetUserInfo(b, mem_ctx,
+		status = dcerpc_samr_SetUserInfo(b, frame,
 						 &user_pol,
 						 level,
 						 &info,
 						 &result);
 		break;
 	case NDR_SAMR_SETUSERINFO2:
-		status = dcerpc_samr_SetUserInfo2(b, mem_ctx,
+		status = dcerpc_samr_SetUserInfo2(b, frame,
 						  &user_pol,
 						  level,
 						  &info,
@@ -3283,7 +3302,10 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
 		DEBUG(0,("result: %s\n", nt_errstr(status)));
 		goto done;
 	}
+
+	status = NT_STATUS_OK;
  done:
+	TALLOC_FREE(frame);
 	return status;
 }
 
-- 
2.23.0