ldb: Do not read beyond the end of the extended DN component when printing

The print functions used in Samba NULL terminate, but do not assume they will

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

diff --git a/lib/ldb/common/ldb_dn.c b/lib/ldb/common/ldb_dn.c
index b9a414dc56661256ef10906486ec63133bd4fe05..83f94e3b9132b7b0239f27418a7becaa1ca11bab 100644 (file)
--- a/lib/ldb/common/ldb_dn.c
+++ b/lib/ldb/common/ldb_dn.c
@@ -871,11 +871,15 @@ char *ldb_dn_get_extended_linearized(TALLOC_CTX *mem_ctx, struct ldb_dn *dn, int
                }
 
                if (i == 0) {
-                       p = talloc_asprintf(mem_ctx, "<%s=%s>", 
-                                           name, val.data);
+                       p = talloc_asprintf(mem_ctx, "<%s=%.*s>",
+                                           name,
+                                           (int)val.length,
+                                           val.data);
                } else {
-                       p = talloc_asprintf_append_buffer(p, ";<%s=%s>",
-                                                         name, val.data);
+                       p = talloc_asprintf_append_buffer(p, ";<%s=%.*s>",
+                                                         name,
+                                                         (int)val.length,
+                                                         val.data);
                }
 
                talloc_free(val.data);