| commit | 1debb6584e4fead70e5031ed89a96d7def635efe | |
| author | Joseph Sutton <josephsutton@catalyst.net.nz> | |
| Tue, 14 Feb 2023 23:34:51 +0000 (15 12:34 +1300) | ||
| committer | Andrew Bartlett <abartlet@samba.org> | |
| Wed, 5 Apr 2023 02:10:35 +0000 (5 02:10 +0000) | ||
| tree | 56f97885264535e942cda57a257e20411ac650e0 | treesnapshot (tar.gz zip) |
| parent | a43977499c0de2878cf7828b53691e9331e360a2 | commitdiff |
CVE-2023-0614 ldb:tests: Ensure ldb_val data is zero-terminated
If the value of an ldb message element is not zero-terminated, calling
ldb_msg_find_attr_as_string() will cause the function to read off the
end of the buffer in an attempt to verify that the value is
zero-terminated. This can cause unexpected behaviour and make the test
randomly fail.
To avoid this, we must have a terminating null byte that is *not*
counted as part of the length, and so we must calculate the length with
strlen() rather than sizeof.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If the value of an ldb message element is not zero-terminated, calling
ldb_msg_find_attr_as_string() will cause the function to read off the
end of the buffer in an attempt to verify that the value is
zero-terminated. This can cause unexpected behaviour and make the test
randomly fail.
To avoid this, we must have a terminating null byte that is *not*
counted as part of the length, and so we must calculate the length with
strlen() rather than sizeof.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| lib/ldb/tests/ldb_filter_attrs_test.c | diffblobblamehistory |