svn commit: samba r19520 - in branches/SAMBA_4_0/source/lib/ldb/samba: .

simo idra at samba.org
Wed Nov 1 21:49:07 GMT 2006


On Thu, 2006-11-02 at 07:49 +1100, Andrew Bartlett wrote:

> The fundamental problem comes from the fact that ldb presumes that all
> buffers have a NULL terminator at v->data[v->length].  However, if you
> create a data blob with data_blob(), or the ndr_push_data_blob
> functions, this will not contain such a terminator.
> 
> Relying on any data to be present at v->data[v->length] is inconsistent
> and unexpected.
> 
> I realise it works really nicely for strings, but currently it also
> works by dumb luck as much as anything...

This is exactly the problem: it may not be a string, so it may not be
terminated; in that case GUID_from_string could just read past the
allocated memory and segfault. That's why there is a check on string
termination.

Maybe we can change DATA_BLOB to always allocate one extra null byte so
that ldb_val and data_blob are compatible and surely null terminated.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org
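
The two approaches discussed in this message, sketched as an added example (not part of the original post and not Samba's code): an allocator that always writes a terminator at `data[length]`, and a consumer-side bounded copy that never reads `data[length]`. `struct blob`, `blob_init_terminated` and `blob_copy_cstr` are hypothetical names, and the GUID text is a constructed sample.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical length-delimited value; a stand-in, not Samba's ldb_val or DATA_BLOB. */
struct blob { unsigned char *data; size_t length; };

/* Proposal from the message: allocate length + 1 and always write a terminator
 * at data[length]. The reported length still excludes that extra byte. */
int blob_init_terminated(struct blob *b, const void *src, size_t length)
{
    if (src == NULL || length == SIZE_MAX)   /* length + 1 must not wrap */
        return -1;
    b->data = malloc(length + 1);
    if (b->data == NULL)
        return -1;
    memcpy(b->data, src, length);
    b->data[length] = '\0';
    b->length = length;
    return 0;
}

/* Consumer-side check that does not trust the allocator: reads only
 * data[0 .. length-1], rejects embedded NULs and values that do not fit,
 * and terminates the copy itself before any string parser sees it. */
int blob_copy_cstr(const struct blob *b, char *out, size_t out_size)
{
    if (b->data == NULL || b->length >= out_size)
        return -1;
    if (memchr(b->data, '\0', b->length) != NULL)
        return -1;
    memcpy(out, b->data, b->length);
    out[b->length] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample: 36 bytes of GUID text with no terminator after them. */
    unsigned char raw[36];
    char text[37];
    memcpy(raw, "01234567-89ab-cdef-0123-456789abcdef", sizeof(raw));
    struct blob v = { raw, sizeof(raw) };
    if (blob_copy_cstr(&v, text, sizeof(text)) == 0)
        printf("safe to parse: %s\n", text);
    return 0;
}
```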


