CVE-2023-34968: rpcclient: remove response blob allocation

This is alreay done by NDR for us.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

diff --git a/source3/rpcclient/cmd_spotlight.c b/source3/rpcclient/cmd_spotlight.c
index 24db9893df6396db048676693eda4641e73ae145..64fe321089c41f933a07f47d18f50afbb9858d2f 100644 (file)
--- a/source3/rpcclient/cmd_spotlight.c
+++ b/source3/rpcclient/cmd_spotlight.c
@@ -144,13 +144,6 @@ static NTSTATUS cmd_mdssvc_fetch_properties(
        }
        request_blob.size = max_fragment_size;
 
-       response_blob.spotlight_blob = talloc_array(mem_ctx, uint8_t, max_fragment_size);
-       if (response_blob.spotlight_blob == NULL) {
-               status = NT_STATUS_INTERNAL_ERROR;
-               goto done;
-       }
-       response_blob.size = max_fragment_size;
-
        len = sl_pack(d, (char *)request_blob.spotlight_blob, request_blob.size);
        if (len == -1) {
                status = NT_STATUS_INTERNAL_ERROR;
@@ -368,15 +361,6 @@ static NTSTATUS cmd_mdssvc_fetch_attributes(
        }
        request_blob.size = max_fragment_size;
 
-       response_blob.spotlight_blob = talloc_array(mem_ctx,
-                                                   uint8_t,
-                                                   max_fragment_size);
-       if (response_blob.spotlight_blob == NULL) {
-               status = NT_STATUS_INTERNAL_ERROR;
-               goto done;
-       }
-       response_blob.size = max_fragment_size;
-
        len = sl_pack(d, (char *)request_blob.spotlight_blob, request_blob.size);
        if (len == -1) {
                status = NT_STATUS_INTERNAL_ERROR;