svn commit: samba r19520 - in
branches/SAMBA_4_0/source/lib/ldb/samba: .
simo
idra at samba.org
Wed Nov 1 12:56:36 GMT 2006
On Wed, 2006-11-01 at 03:17 +0000, abartlet at samba.org wrote:
> Author: abartlet
> Date: 2006-11-01 03:17:23 +0000 (Wed, 01 Nov 2006)
> New Revision: 19520
>
> WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19520
>
> Log:
> Try not to read past the end of the ldb buffer.
>
> Andrew Bartlett
>
> Modified:
> branches/SAMBA_4_0/source/lib/ldb/samba/ldif_handlers.c
>
>
> Changeset:
> Modified: branches/SAMBA_4_0/source/lib/ldb/samba/ldif_handlers.c
> ===================================================================
> --- branches/SAMBA_4_0/source/lib/ldb/samba/ldif_handlers.c 2006-10-31 19:06:46 UTC (rev 19519)
> +++ branches/SAMBA_4_0/source/lib/ldb/samba/ldif_handlers.c 2006-11-01 03:17:23 UTC (rev 19520)
> @@ -80,10 +80,12 @@
>
> static BOOL ldb_comparision_objectSid_isString(const struct ldb_val *v)
> {
> - /* see if the input if null-terninated */
> - if (v->data[v->length] != '\0') return False;
> -
> + if (v->length < 3) {
> + return False;
> + }
> +
> if (strncmp("S-", (const char *)v->data, 2) != 0) return False;
> +
> return True;
> }
>
> @@ -179,9 +181,6 @@
> struct GUID guid;
> NTSTATUS status;
>
> - /* see if the input if null-terninated */
> - if (v->data[v->length] != '\0') return False;
> -
> if (v->length < 33) return False;
>
> status = GUID_from_string((const char *)v->data, &guid);
Checking for the length and checking for termination are not the same
thing. We can have binary blobs as data. I think that keeping the check
on null termination is important as it may prevent segfaults deriving by
a run past the buffer by functions that expect null terminated strings
as input.
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org
More information about the samba-technical
mailing list