From 6eccfc74cd9a16e96a2b6214b943f5b2f9adfe65 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 4 Feb 2013 09:18:59 +0100
Subject: [PATCH] dsdb/password_hash: make sure that io->n.cleartext_utf8.data
 is a null terminated string

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
---
 source4/dsdb/samdb/ldb_modules/password_hash.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 9bf596c3bca..6b8cd9cd157 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -2203,6 +2203,29 @@ static int setup_io(struct ph_context *ac,
 		}
 	}
 
+	if (io->n.cleartext_utf8 != NULL) {
+		struct ldb_val *cleartext_utf8_blob;
+		char *p;
+
+		cleartext_utf8_blob = talloc(io->ac, struct ldb_val);
+		if (!cleartext_utf8_blob) {
+			return ldb_oom(ldb);
+		}
+
+		*cleartext_utf8_blob = *io->n.cleartext_utf8;
+
+		/* make sure we have a null terminated string */
+		p = talloc_strndup(cleartext_utf8_blob,
+				   (const char *)io->n.cleartext_utf8->data,
+				   io->n.cleartext_utf8->length);
+		if ((p == NULL) && (io->n.cleartext_utf8->length > 0)) {
+			return ldb_oom(ldb);
+		}
+		cleartext_utf8_blob->data = (uint8_t *)p;
+
+		io->n.cleartext_utf8 = cleartext_utf8_blob;
+	}
+
 	ret = msg_find_old_and_new_pwd_val(orig_msg, "clearTextPassword",
 					   ac->req->operation,
 					   &io->n.cleartext_utf16,
-- 
2.11.4.GIT