From cc330f93625290dc5f67c9c0f2f17e566ddbf1f1 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Mon, 24 Aug 2009 13:09:10 +1000
Subject: [PATCH] s4:dsdb use talloc_strndup() in GET_STRING_LDB() rather than walk off the end

The problem is that samdb_result_string() and ldb_msg_find_attr_as_string() both simply cast the string, rather than ensuring the return value is NULL terminated.

This may be best regarded as a flaw in LDB, but fixing it there is going to be more difficult.

Andrew Bartlett
---
 source4/dsdb/schema/schema_init.c | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c
index 170d5a12e97..c2d45970f0b 100644
--- a/source4/dsdb/schema/schema_init.c
+++ b/source4/dsdb/schema/schema_init.c
@@ -653,14 +653,24 @@ static int dsdb_schema_setup_ldb_schema_attribute(struct ldb_context *ldb,
 }
 
 
-
 #define GET_STRING_LDB(msg, attr, mem_ctx, p, elem, strict) do { \
-	(p)->elem = samdb_result_string(msg, attr, NULL);\
-	if (strict && (p)->elem == NULL) { \
-		d_printf("%s: %s == NULL\n", __location__, attr); \
-		return WERR_INVALID_PARAM; \
-	} \
-	talloc_steal(mem_ctx, (p)->elem); \
+	struct ldb_val *get_string_val = ldb_msg_find_ldb_val(msg, attr); \
+	if (get_string_val == NULL) { \
+		if (strict) { \
+			d_printf("%s: %s == NULL\n", __location__, attr); \
+			return WERR_INVALID_PARAM; \
+		} else { \
+			(p)->elem = NULL; \
+		} \
+	} else { \
+		(p)->elem = talloc_strndup(mem_ctx, \
+					   (const char *)get_string_val->data, \
+					   get_string_val->length); \
+		if (!(p)->elem) { \
+			d_printf("%s: talloc_strndup failed for %s\n", __location__, attr); \
+			return WERR_NOMEM; \
+		} \
+	} \
 } while (0)
 
 #define GET_STRING_LIST_LDB(msg, attr, mem_ctx, p, elem, strict) do { \
-- 
2.34.1
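Review bot: The talloc_strndup() call bounds the read to get_string_val->length, which fixes the over-read, but it also stops at the first NUL byte, so a schema value with an embedded NUL is silently shortened and (p)->elem no longer describes the value that is actually stored in the directory; for schema names and OIDs that kind of silent truncation is worth rejecting rather than accepting. A cheap check after the talloc_strndup() failure branch would be `if (strlen((p)->elem) != get_string_val->length) { d_printf("%s: embedded NUL in %s\n", __location__, attr); return WERR_INVALID_PARAM; }`, returning the same error the strict path already uses. As a point of style, get_string_val is only read, so if ldb_msg_find_ldb_val() returns a const pointer in this tree the declaration should be `const struct ldb_val *get_string_val = ldb_msg_find_ldb_val(msg, attr); \` to avoid discarding the qualifier. The GET_STRING_LIST_LDB macro that starts on the last context line is outside the hunk, so whether it has the same bounded-copy behaviour cannot be judged from here.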