| commit | 8ddaf853404f3cddef84b77b38951526d73ffbda | |
| author | Gary Lockyer <gary@catalyst.net.nz> | |
| Mon, 18 Feb 2019 21:26:56 +0000 (19 10:26 +1300) | ||
| committer | Stefan Metzmacher <metze@samba.org> | |
| Tue, 26 Feb 2019 11:15:12 +0000 (26 12:15 +0100) | ||
| tree | ef046558eb457f3ea912cc9c5ee6295264d71576 | treesnapshot (tar.gz zip) |
| parent | c62bd66b84defc73465e5f16f230f1855fb3bde3 | commitdiff |
CVE-2019-3824 ldb: wildcard_match end of data check
ldb_handler_copy and ldb_val_dup over allocate by one and add a trailing '\0'
to the data, to make them safe to use the C string functions on.
However testing for the trailing '\0' is not the correct way to test for
the end of a value, the length should be checked instead.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
ldb_handler_copy and ldb_val_dup over allocate by one and add a trailing '\0'
to the data, to make them safe to use the C string functions on.
However testing for the trailing '\0' is not the correct way to test for
the end of a value, the length should be checked instead.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
| lib/ldb/common/ldb_match.c | diffblobblamehistory |