s3:passdb: always copy the history in pdb_set_plaintext_passwd()

We should not write to memory marked as const
(returned from pdb_get_pw_history())!

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

source3/passdb/pdb_get_set.c

@@ -1001,6 +1001,7 @@ bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext)
 	uchar *pwhistory;
 	uint32_t pwHistLen;
 	uint32_t current_history_len;
+	const uint8_t *current_history;
 
 	if (!plaintext)
 		return False;
@@ -1051,33 +1052,27 @@ bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext)
 	 * the pw_history was first loaded into the struct samu struct
 	 * and now.... JRA.
 	 */
-	pwhistory = (uchar *)pdb_get_pw_history(sampass, &current_history_len);
-
-	if ((current_history_len != 0) && (pwhistory == NULL)) {
+	current_history = pdb_get_pw_history(sampass, &current_history_len);
+	if ((current_history_len != 0) && (current_history == NULL)) {
 		DEBUG(1, ("pdb_set_plaintext_passwd: pwhistory == NULL!\n"));
 		return false;
 	}
 
-	if (current_history_len < pwHistLen) {
-		/*
-		 * Ensure we have space for the needed history. This
-		 * also takes care of an account which did not have
-		 * any history at all so far, i.e. pwhistory==NULL
-		 */
-		uchar *new_history = talloc_zero_array(
+	/*
+	 * Ensure we have space for the needed history. This
+	 * also takes care of an account which did not have
+	 * any history at all so far, i.e. pwhistory==NULL
+	 */
+	pwhistory = talloc_zero_array(
 			sampass, uchar,
 			pwHistLen*PW_HISTORY_ENTRY_LEN);
-
-		if (!new_history) {
-			return False;
-		}
-
-		memcpy(new_history, pwhistory,
-		       current_history_len*PW_HISTORY_ENTRY_LEN);
-
-		pwhistory = new_history;
+	if (!pwhistory) {
+		return false;
 	}
 
+	memcpy(pwhistory, current_history,
+	       current_history_len*PW_HISTORY_ENTRY_LEN);
+
 	/*
 	 * Make room for the new password in the history list.
 	 */