CVE-2020-10730: vlv: Use strcmp(), not strncmp() checking the NULL terminated control...
author Andrew Bartlett <abartlet@samba.org>
Tue, 5 May 2020 00:54:59 +0000 (12:54 +1200)
committer Karolin Seeger <kseeger@samba.org>
Thu, 25 Jun 2020 11:04:45 +0000 (13:04 +0200)
The end result is the same, as sizeof() includes the trailing NUL, but this
avoids having to think about that.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
source4/dsdb/samdb/ldb_modules/vlv_pagination.c

index 980177cb05e030c738af47421db21898c0efcdc9..31e64b4bd7802317627fd1cf822eb5bbaae794c4 100644 (file)
@@ -682,8 +682,8 @@ vlv_copy_down_controls(TALLOC_CTX *mem_ctx, struct ldb_control **controls)
                if (control->oid == NULL) {
                        break;
                }
-               if (strncmp(control->oid, LDB_CONTROL_VLV_REQ_OID, sizeof(LDB_CONTROL_VLV_REQ_OID)) == 0 ||
-                   strncmp(control->oid, LDB_CONTROL_SERVER_SORT_OID, sizeof(LDB_CONTROL_SERVER_SORT_OID)) == 0) {
+               if (strcmp(control->oid, LDB_CONTROL_VLV_REQ_OID) == 0 ||
+                   strcmp(control->oid, LDB_CONTROL_SERVER_SORT_OID) == 0) {
                        continue;
                }
                new_controls[j] = talloc_steal(new_controls, control);
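
Review bot: The two strcmp() calls in the rewritten `if` behave exactly like the strncmp(..., sizeof(...)) forms they replace, so the commit message should say outright that this hunk makes no functional change. As written, the subject carries the CVE-2020-10730 tag while the body only says "the end result is the same", which leaves anyone backporting to guess whether this hunk is security-relevant or cleanup. The equivalence holds because sizeof() of the OID constant counts its trailing NUL, so both forms stop at the same byte of control->oid. Separately, the subject says "NULL terminated" where the body correctly says NUL; using "NUL-terminated" in both places would avoid confusion with the `control->oid == NULL` pointer check just above the changed lines.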