git.samba.org / samba.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c835e27) | patch
CVE-2018-16851 ldap_server: Check ret before manipulating blob
authorGarming Sam <garming@catalyst.net.nz>
Mon, 5 Nov 2018 03:18:18 +0000 (16:18 +1300)
committerKarolin Seeger <kseeger@samba.org>
Wed, 28 Nov 2018 07:22:24 +0000 (08:22 +0100)
commitd2c98abde12d11d64cc62697f633fc5db75502ef
tree0b05dcfedfe77d2ffcf92c1bc67aab7313ecfce5tree
parentc835e27a998fa6bfb49a48581c65224c4c02880ecommit | diff
CVE-2018-16851 ldap_server: Check ret before manipulating blob

In the case of hitting the talloc ~256MB limit, this causes a crash in
the server.

Note that you would actually need to load >256MB of data into the LDAP.
Although there is some generated/hidden data which would help you reach that
limit (descriptors and RMD blobs).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13674

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/ldap_server/ldap_server.c diff | blob | history
Samba Shared Repository