CVE-2023-34968: mdscli: remove response blob allocation
authorRalph Boehme <slow@samba.org>
Mon, 19 Jun 2023 16:28:41 +0000 (18:28 +0200)
committerJule Anger <janger@samba.org>
Fri, 21 Jul 2023 12:05:35 +0000 (12:05 +0000)
The NDR code handles the response blob allocation transparently.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
source3/rpc_client/cli_mdssvc.c

index 046d37135cbccc1b0a88d180cb8320eb93f01109..474d7c0b15004f46178249c19c00a0a21873ebce 100644 (file)
@@ -276,15 +276,6 @@ struct tevent_req *mdscli_search_send(TALLOC_CTX *mem_ctx,
                return tevent_req_post(req, ev);
        }
 
-       state->response_blob.spotlight_blob = talloc_array(
-               state,
-               uint8_t,
-               mdscli_ctx->max_fragment_size);
-       if (tevent_req_nomem(state->response_blob.spotlight_blob, req)) {
-               return tevent_req_post(req, ev);
-       }
-       state->response_blob.size = mdscli_ctx->max_fragment_size;
-
        subreq = dcerpc_mdssvc_cmd_send(state,
                                        ev,
                                        mdscli_ctx->bh,
@@ -457,15 +448,6 @@ struct tevent_req *mdscli_get_results_send(
                return tevent_req_post(req, ev);
        }
 
-       state->response_blob.spotlight_blob = talloc_array(
-               state,
-               uint8_t,
-               mdscli_ctx->max_fragment_size);
-       if (tevent_req_nomem(state->response_blob.spotlight_blob, req)) {
-               return tevent_req_post(req, ev);
-       }
-       state->response_blob.size = mdscli_ctx->max_fragment_size;
-
        subreq = dcerpc_mdssvc_cmd_send(state,
                                        ev,
                                        mdscli_ctx->bh,
@@ -681,15 +663,6 @@ struct tevent_req *mdscli_get_path_send(TALLOC_CTX *mem_ctx,
                return tevent_req_post(req, ev);
        }
 
-       state->response_blob.spotlight_blob = talloc_array(
-               state,
-               uint8_t,
-               mdscli_ctx->max_fragment_size);
-       if (tevent_req_nomem(state->response_blob.spotlight_blob, req)) {
-               return tevent_req_post(req, ev);
-       }
-       state->response_blob.size = mdscli_ctx->max_fragment_size;
-
        subreq = dcerpc_mdssvc_cmd_send(state,
                                        ev,
                                        mdscli_ctx->bh,
@@ -852,15 +825,6 @@ struct tevent_req *mdscli_close_search_send(TALLOC_CTX *mem_ctx,
                return tevent_req_post(req, ev);
        }
 
-       state->response_blob.spotlight_blob = talloc_array(
-               state,
-               uint8_t,
-               mdscli_ctx->max_fragment_size);
-       if (tevent_req_nomem(state->response_blob.spotlight_blob, req)) {
-               return tevent_req_post(req, ev);
-       }
-       state->response_blob.size = mdscli_ctx->max_fragment_size;
-
        subreq = dcerpc_mdssvc_cmd_send(state,
                                        ev,
                                        mdscli_ctx->bh,