CVE-2023-34968: smbtorture: remove response blob allocation in mdssvc.c

This is alreay done by NDR for us.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

diff --git a/source4/torture/rpc/mdssvc.c b/source4/torture/rpc/mdssvc.c
index 3689692f7de0d156a208bf965750d1afed0fc7fd..a16bd5b47e3a76b083b5f7779fc1f492c51c48bb 100644 (file)
--- a/source4/torture/rpc/mdssvc.c
+++ b/source4/torture/rpc/mdssvc.c
@@ -536,13 +536,6 @@ static bool test_mdssvc_invalid_ph_cmd(struct torture_context *tctx,
        request_blob.length = 0;
        request_blob.size = 0;
 
-       response_blob.spotlight_blob = talloc_array(state,
-                                                   uint8_t,
-                                                   0);
-       torture_assert_not_null_goto(tctx, response_blob.spotlight_blob,
-                                    ok, done, "dalloc_zero failed\n");
-       response_blob.size = 0;
-
        status =  dcerpc_mdssvc_cmd(b,
                                    state,
                                    &ph,
@@ -632,13 +625,6 @@ static bool test_mdssvc_sl_unpack_loop(struct torture_context *tctx,
        request_blob.size = sizeof(test_sl_unpack_loop_buf);
        request_blob.length = sizeof(test_sl_unpack_loop_buf);
 
-       response_blob.spotlight_blob = talloc_array(state,
-                                                   uint8_t,
-                                                   0);
-       torture_assert_not_null_goto(tctx, response_blob.spotlight_blob,
-                                    ok, done, "dalloc_zero failed\n");
-       response_blob.size = 0;
-
        status = dcerpc_mdssvc_cmd(b,
                                   state,
                                   &state->ph,
@@ -764,11 +750,6 @@ static bool test_sl_dict_type_safety(struct torture_context *tctx,
        torture_assert_goto(tctx, request_blob.length > 0,
                            ok, done, "sl_pack failed\n");
 
-       response_blob.spotlight_blob = talloc_array(state, uint8_t, 0);
-       torture_assert_not_null_goto(tctx, response_blob.spotlight_blob,
-                                    ok, done, "dalloc_zero failed\n");
-       response_blob.size = 0;
-
        status = dcerpc_mdssvc_cmd(b,
                                   state,
                                   &state->ph,
@@ -926,13 +907,6 @@ static bool test_mdssvc_fetch_attr_unknown_cnid(struct torture_context *tctx,
                                     ret, done, "dalloc_zero failed\n");
        request_blob.size = max_fragment_size;
 
-       response_blob.spotlight_blob = talloc_array(state,
-                                                   uint8_t,
-                                                   max_fragment_size);
-       torture_assert_not_null_goto(tctx, response_blob.spotlight_blob,
-                                    ret, done, "dalloc_zero failed\n");
-       response_blob.size = max_fragment_size;
-
        len = sl_pack(d, (char *)request_blob.spotlight_blob, request_blob.size);
        torture_assert_goto(tctx, len != -1, ret, done, "sl_pack failed\n");