s3:passdb: always copy the history in pdb_set_plaintext_passwd()
authorStefan Metzmacher <metze@samba.org>
Wed, 26 Feb 2014 19:16:26 +0000 (20:16 +0100)
committerJeremy Allison <jra@samba.org>
Tue, 25 Nov 2014 06:25:44 +0000 (07:25 +0100)
We should not write to memory marked as const
(returned from pdb_get_pw_history())!

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source3/passdb/pdb_get_set.c

index 0d7f4cb17b80af3d01042bf027df5d76215f4770..1b716f4728fd66ada0cdec98068cbc3b520e9987 100644 (file)
@@ -1001,6 +1001,7 @@ bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext)
        uchar *pwhistory;
        uint32_t pwHistLen;
        uint32_t current_history_len;
+       const uint8_t *current_history;
 
        if (!plaintext)
                return False;
@@ -1051,33 +1052,27 @@ bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext)
         * the pw_history was first loaded into the struct samu struct
         * and now.... JRA.
         */
-       pwhistory = (uchar *)pdb_get_pw_history(sampass, &current_history_len);
-
-       if ((current_history_len != 0) && (pwhistory == NULL)) {
+       current_history = pdb_get_pw_history(sampass, &current_history_len);
+       if ((current_history_len != 0) && (current_history == NULL)) {
                DEBUG(1, ("pdb_set_plaintext_passwd: pwhistory == NULL!\n"));
                return false;
        }
 
-       if (current_history_len < pwHistLen) {
-               /*
-                * Ensure we have space for the needed history. This
-                * also takes care of an account which did not have
-                * any history at all so far, i.e. pwhistory==NULL
-                */
-               uchar *new_history = talloc_zero_array(
+       /*
+        * Ensure we have space for the needed history. This
+        * also takes care of an account which did not have
+        * any history at all so far, i.e. pwhistory==NULL
+        */
+       pwhistory = talloc_zero_array(
                        sampass, uchar,
                        pwHistLen*PW_HISTORY_ENTRY_LEN);
-
-               if (!new_history) {
-                       return False;
-               }
-
-               memcpy(new_history, pwhistory,
-                      current_history_len*PW_HISTORY_ENTRY_LEN);
-
-               pwhistory = new_history;
+       if (!pwhistory) {
+               return false;
        }
 
+       memcpy(pwhistory, current_history,
+              current_history_len*PW_HISTORY_ENTRY_LEN);
+
        /*
         * Make room for the new password in the history list.
         */
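Review bot: The `memcpy` into `pwhistory` is now unconditional, yet the destination is sized from `pwHistLen` while the copy length comes from `current_history_len`; the removed `if (current_history_len < pwHistLen)` was the only visible check relating the two. If the stored history holds more entries than the current policy allows (for example after the history length was lowered), the copy runs past the end of the talloc'd array, unless code outside this hunk already bounds `current_history_len`. Copy at most `pwHistLen` entries, e.g. `memcpy(pwhistory, current_history, MIN(current_history_len, pwHistLen)*PW_HISTORY_ENTRY_LEN);`, and skip the call when `current_history` is NULL, since a NULL source is undefined for `memcpy` even with length 0. The DEBUG text and the retained comment still say `pwhistory == NULL` although the pointer checked is now `current_history`. The body of `pdb_set_plaintext_passwd` starts and ends outside the hunk.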