git.samba.org / samba.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6e5e5c7) | patch
CVE-2023-34966: mdssvc: harden sl_unpack_loop()
authorRalph Boehme <slow@samba.org>
Fri, 26 May 2023 11:06:19 +0000 (13:06 +0200)
committerJule Anger <janger@samba.org>
Fri, 14 Jul 2023 13:14:54 +0000 (15:14 +0200)
commitc77b31f1bcb8778007cfa584e15f3bb2f7135752
tree33bab7cbec5bfc6dc6ccd580f5ff7d07dd6401f4tree
parent6e5e5c7f64eef80e10473e860a1662ce66491e8ecommit | diff
CVE-2023-34966: mdssvc: harden sl_unpack_loop()

A malicious client could send a packet where subcount is zero, leading to a busy
loop because

    count -= subcount
=>  count -= 0
=>  while (count > 0)

loops forever.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15340

Signed-off-by: Ralph Boehme <slow@samba.org>
source3/rpc_server/mdssvc/marshalling.c diff | blob | history
Samba Shared Repository