| commit | a380f19d570003c0134e5a9618fbeee524ca332a | |
| author | Volker Lendecke <vl@samba.org> | |
| Thu, 9 Jul 2020 19:49:25 +0000 (9 21:49 +0200) | ||
| committer | Karolin Seeger <kseeger@samba.org> | |
| Thu, 29 Oct 2020 10:25:37 +0000 (29 10:25 +0000) | ||
| tree | 092799f1ccadfcd0fa0241174a0a105a7a1abe20 | treesnapshot (tar.gz zip) |
| parent | cc4901123daff9da1e0872dbd38575770e3a68d6 | commitdiff |
CVE-2020-14323 winbind: Fix invalid lookupsids DoS
A lookupsids request without extra_data will lead to "state->domain==NULL",
which makes winbindd_lookupsids_recv trying to dereference it.
Reported by Bas Alberts of the GitHub Security Lab Team as GHSL-2020-134
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14436
Signed-off-by: Volker Lendecke <vl@samba.org>
A lookupsids request without extra_data will lead to "state->domain==NULL",
which makes winbindd_lookupsids_recv trying to dereference it.
Reported by Bas Alberts of the GitHub Security Lab Team as GHSL-2020-134
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14436
Signed-off-by: Volker Lendecke <vl@samba.org>
| source3/winbindd/winbindd_lookupsids.c | diffblobblamehistory |