From dbd87b94aafcae214053116321497941bacc7cad Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 9 Nov 2015 14:10:11 +1300
Subject: [PATCH] tdb: Refuse to load a database with hash size 0

This just ensures we reject (rather than div-by-0) a corrupt
DB with a zero hash size.

Found with american fuzzy lop

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Dec 18 08:26:25 CET 2015 on sn-devel-144
---
 lib/tdb/common/open.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/lib/tdb/common/open.c b/lib/tdb/common/open.c
index 3b53fa7e3e..f3ef856eae 100644
--- a/lib/tdb/common/open.c
+++ b/lib/tdb/common/open.c
@@ -593,6 +593,13 @@ _PUBLIC_ struct tdb_context *tdb_open_ex(const char *name, int hash_size, int td
 		errno = ENOSYS;
 		goto fail;
 	}
+
+	if (header.hash_size == 0) {
+		TDB_LOG((tdb, TDB_DEBUG_ERROR, "tdb_open_ex: invalid database: 0 hash_size\n"));
+		errno = ENOSYS;
+		goto fail;
+	}
+
 	tdb->hash_size = header.hash_size;
 
 	if (header.rwlocks == TDB_FEATURE_FLAG_MAGIC) {
-- 
2.34.1