git.samba.org / ambi / samba.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7f51ec8) | patch
CVE-2015-5330: ldb_dn_escape_value: use known string length, not strlen()
authorDouglas Bagnall <douglas.bagnall@catalyst.net.nz>
Tue, 24 Nov 2015 00:09:36 +0000 (13:09 +1300)
committerRalph Boehme <slow@samba.org>
Wed, 9 Dec 2015 16:19:52 +0000 (17:19 +0100)
commit0454b95657846fcecf0f51b6f1194faac02518bd
treed399d61fda5cc8b2fcacddda9b532ee2f4cb45c3tree
parent7f51ec8c4ed9ba1f53d722e44fb6fb3cde933b72commit | diff
CVE-2015-5330: ldb_dn_escape_value: use known string length, not strlen()

ldb_dn_escape_internal() reports the number of bytes it copied, so
lets use that number, rather than using strlen() and hoping a zero got
in the right place.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
lib/ldb/common/ldb_dn.c diff | blob | history
wip branches