r4490: when implementing one rpc server call in terms of another call, you
authorAndrew Tridgell <tridge@samba.org>
Sun, 2 Jan 2005 23:31:12 +0000 (23:31 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:08:12 +0000 (13:08 -0500)
must zero r.out before making the 2nd call if the 2nd call has any
non-ref out parameters. This is needed for the case where the 2nd call
fails, and the 1st call would then fill in its out fields based on
uninitialised memory.
(This used to be commit 202470326dcfaa5d36aaaf6be47eec40fed50402)

source4/rpc_server/samr/dcesrv_samr.c

index 3650c904a3df713b289727bbcba0e5b9f4504d45..92de6fe402393b464d6fa72fc1045c2d6c274bc2 100644 (file)
@@ -3306,6 +3306,7 @@ static NTSTATUS samr_QueryUserInfo2(struct dcesrv_call_state *dce_call, TALLOC_C
        struct samr_QueryUserInfo r1;
        NTSTATUS status;
 
+       ZERO_STRUCT(r1.out);
        r1.in.user_handle = r->in.user_handle;
        r1.in.level  = r->in.level;
        
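Review bot: The new `ZERO_STRUCT(r1.out);` has no comment, so the reason it must stay is recorded only in the commit message, and a later cleanup could remove it as redundant and bring back out fields copied from uninitialised stack memory when the inner call fails. I would add above it `/* the inner call can fail without setting its non-ref out fields; zero them so stack garbage is never copied into r->out */`, and the same above `ZERO_STRUCT(q.out);` in the samr_QueryDisplayInfo2 hunk. The two hunks also place the zeroing differently (before the `in` assignments here, after them there); using the same position in every wrapper makes a missing one easier to spot in review. The body of samr_QueryUserInfo2 continues outside the hunk, so whether the copy-back into `r->out` is also guarded by a status check cannot be seen from here.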
@@ -3321,7 +3322,7 @@ static NTSTATUS samr_QueryUserInfo2(struct dcesrv_call_state *dce_call, TALLOC_C
   samr_QueryDisplayInfo2 
 */
 static NTSTATUS samr_QueryDisplayInfo2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
-                      struct samr_QueryDisplayInfo2 *r)
+                                      struct samr_QueryDisplayInfo2 *r)
 {
        struct samr_QueryDisplayInfo q;
        NTSTATUS result;
@@ -3331,6 +3332,7 @@ static NTSTATUS samr_QueryDisplayInfo2(struct dcesrv_call_state *dce_call, TALLO
        q.in.start_idx = r->in.start_idx;
        q.in.max_entries = r->in.max_entries;
        q.in.buf_size = r->in.buf_size;
+       ZERO_STRUCT(q.out);
 
        result = samr_QueryDisplayInfo(dce_call, mem_ctx, &q);