git.samba.org
/
janger
/
samba-autobuild
/
.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
3c01d9a
)
s4:dsdb: Avoid buffer overflow in samdb_result_hashes()
author
Jo Sutton
<josutton@catalyst.net.nz>
Thu, 11 Jan 2024 21:43:39 +0000
(10:43 +1300)
committer
Andrew Bartlett
<abartlet@samba.org>
Thu, 8 Feb 2024 02:48:45 +0000
(
02:48
+0000)
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/dsdb/common/util.c
patch
|
blob
|
history
diff --git
a/source4/dsdb/common/util.c
b/source4/dsdb/common/util.c
index e6e18b15eef04c8113d30adb726de40f9e87dcfd..fe63e18c35c116ddabbbf20e66486411ea673d44 100644
(file)
--- a/
source4/dsdb/common/util.c
+++ b/
source4/dsdb/common/util.c
@@
-558,6
+558,13
@@
unsigned int samdb_result_hashes(TALLOC_CTX *mem_ctx, const struct ldb_message *
if (!val) {
return 0;
}
+ if (val->length % 16 != 0) {
+ /*
+ * The length is wrong. Don’t try to read beyond the end of the
+ * buffer.
+ */
+ return 0;
+ }
count = val->length / 16;
if (count == 0) {
return 0;