CVE-2023-34968: smbtorture: remove response blob allocation in mdssvc.c

author Ralph Boehme <slow@samba.org>

Tue, 20 Jun 2023 09:28:47 +0000 (11:28 +0200)

committer Jule Anger <janger@samba.org>

Fri, 21 Jul 2023 12:05:35 +0000 (12:05 +0000)
author Ralph Boehme <slow@samba.org>
Tue, 20 Jun 2023 09:28:47 +0000 (11:28 +0200)
committer Jule Anger <janger@samba.org>
Fri, 21 Jul 2023 12:05:35 +0000 (12:05 +0000)
diff --git a/source4/torture/rpc/mdssvc.c b/source4/torture/rpc/mdssvc.c

index fb02565e9ff2235859cff92a68945876e392089a..d17880e94663d263c39aff93eb78d18a3b37f6eb 100644 (file)
--- a/source4/torture/rpc/mdssvc.c
+++ b/source4/torture/rpc/mdssvc.c
@@ -544,13 +544,6 @@ static bool test_mdssvc_invalid_ph_cmd(struct torture_context *tctx,
         request_blob.length = 0;
         request_blob.size = 0;
  
-       response_blob.spotlight_blob = talloc_array(state,
-                                                   uint8_t,
-                                                   0);
-       torture_assert_not_null_goto(tctx, response_blob.spotlight_blob,
-                                    ok, done, "dalloc_zero failed\n");
-       response_blob.size = 0;
-
         status =  dcerpc_mdssvc_cmd(b,
                                     state,
                                     &ph,
@@ -644,13 +637,6 @@ static bool test_mdssvc_sl_unpack_loop(struct torture_context *tctx,
         request_blob.size = sizeof(test_sl_unpack_loop_buf);
         request_blob.length = sizeof(test_sl_unpack_loop_buf);
  
-       response_blob.spotlight_blob = talloc_array(state,
-                                                   uint8_t,
-                                                   0);
-       torture_assert_not_null_goto(tctx, response_blob.spotlight_blob,
-                                    ok, done, "dalloc_zero failed\n");
-       response_blob.size = 0;
-
         status = dcerpc_mdssvc_cmd(b,
                                    state,
                                    &state->ph,
@@ -776,11 +762,6 @@ static bool test_sl_dict_type_safety(struct torture_context *tctx,
         torture_assert_goto(tctx, request_blob.length > 0,
                             ok, done, "sl_pack failed\n");
  
-       response_blob.spotlight_blob = talloc_array(state, uint8_t, 0);
-       torture_assert_not_null_goto(tctx, response_blob.spotlight_blob,
-                                    ok, done, "dalloc_zero failed\n");
-       response_blob.size = 0;
-
         status = dcerpc_mdssvc_cmd(b,
                                    state,
                                    &state->ph,
@@ -942,13 +923,6 @@ static bool test_mdssvc_fetch_attr_unknown_cnid(struct torture_context *tctx,
                                      ret, done, "dalloc_zero failed\n");
         request_blob.size = max_fragment_size;
  
-       response_blob.spotlight_blob = talloc_array(state,
-                                                   uint8_t,
-                                                   max_fragment_size);
-       torture_assert_not_null_goto(tctx, response_blob.spotlight_blob,
-                                    ret, done, "dalloc_zero failed\n");
-       response_blob.size = max_fragment_size;
-
         len = sl_pack(d, (char *)request_blob.spotlight_blob, request_blob.size);
         torture_assert_goto(tctx, len != -1, ret, done, "sl_pack failed\n");
author	Ralph Boehme <slow@samba.org>
	Tue, 20 Jun 2023 09:28:47 +0000 (11:28 +0200)
committer	Jule Anger <janger@samba.org>
	Fri, 21 Jul 2023 12:05:35 +0000 (12:05 +0000)