| commit | 04de06f18fe8ecd4469f584223c676651be46b6d | |
| author | Joseph Sutton <josephsutton@catalyst.net.nz> | |
| Tue, 14 Feb 2023 23:34:51 +0000 (15 12:34 +1300) | ||
| committer | Jule Anger <janger@samba.org> | |
| Mon, 20 Mar 2023 09:03:50 +0000 (20 10:03 +0100) | ||
| tree | 5831b1602179f84ad7e59ba25216d62c9afff560 | treesnapshot (tar.gz zip) |
| parent | 9222e613f667e57dc88765c1441c410b11077790 | commitdiff |
CVE-2023-0614 ldb:tests: Ensure ldb_val data is zero-terminated
If the value of an ldb message element is not zero-terminated, calling
ldb_msg_find_attr_as_string() will cause the function to read off the
end of the buffer in an attempt to verify that the value is
zero-terminated. This can cause unexpected behaviour and make the test
randomly fail.
To avoid this, we must have a terminating null byte that is *not*
counted as part of the length, and so we must calculate the length with
strlen() rather than sizeof.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If the value of an ldb message element is not zero-terminated, calling
ldb_msg_find_attr_as_string() will cause the function to read off the
end of the buffer in an attempt to verify that the value is
zero-terminated. This can cause unexpected behaviour and make the test
randomly fail.
To avoid this, we must have a terminating null byte that is *not*
counted as part of the length, and so we must calculate the length with
strlen() rather than sizeof.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| lib/ldb/tests/ldb_filter_attrs_test.c | diffblobblamehistory |