svn commit: samba r19520 - in branches/SAMBA_4_0/source/lib/ldb/samba: .

simo idra at
Wed Nov 1 21:49:07 GMT 2006

On Thu, 2006-11-02 at 07:49 +1100, Andrew Bartlett wrote:

> The fundamental problem comes from the fact that ldb presumes that all
> buffers have a NULL terminator at v->data[v->length].  However, if you
> create a data blob with data_blob(), or the ndr_push_data_blob
> functions, this will not contain such a terminator.
> Relying on any data to be present at v->data[v->length] is inconsistent
> and unexpected.
> I realise it works really nicely for strings, but currently it also
> works by dumb luck as much as anything...

This is exactly the problem: it may not be a string, so it may not be
terminated; in that case GUID_from_string could just read past the
allocated memory and segfault. That's why there is a check on string

Maybe we can change DATA_BLOB to always allocate one extra null byte so
that ldb_val and data_blob are compatible and surely null terminated.


Simo Sorce
Samba Team GPL Compliance Officer
email: idra at
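
The two points raised in this exchange, as an added C example that is not Samba or ldb code: a length-bounded check that never reads data[length], and the proposed copy that always allocates one extra NUL byte. The names struct blob, blob_dup_terminated and blob_is_guid_text are hypothetical, and the GUID text is constructed sample data.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical length+pointer buffer standing in for ldb_val / DATA_BLOB. */
struct blob { unsigned char *data; size_t length; };

/* The proposal in the message: allocate one extra byte and zero it, so that
 * data[length] is always a valid NUL while length counts the payload only. */
static struct blob blob_dup_terminated(const void *src, size_t len)
{
    struct blob b = { NULL, 0 };
    if (len == SIZE_MAX) return b;            /* len + 1 would wrap to 0 */
    b.data = malloc(len + 1);
    if (b.data == NULL) return b;
    if (len > 0) memcpy(b.data, src, len);
    b.data[len] = '\0';
    b.length = len;
    return b;
}

/* Length-bounded check that never touches data[length]: true only when the
 * blob is exactly a 36-character GUID string (8-4-4-4-12 hex digits). */
static int blob_is_guid_text(const struct blob *b)
{
    if (b->data == NULL || b->length != 36) return 0;
    for (size_t i = 0; i < 36; i++) {
        int dash = (i == 8 || i == 13 || i == 18 || i == 23);
        if (dash ? b->data[i] != '-' : !isxdigit(b->data[i])) return 0;
    }
    return 1;
}

/* Constructed sample: 36 GUID characters in an exactly-sized buffer with no
 * terminator, then the same bytes copied with the extra NUL byte. */
static int demo(void)
{
    unsigned char raw[36];
    memcpy(raw, "6bf1e9a4-0c3d-4f7a-9b52-1d2e3f4a5b6c", sizeof(raw));
    struct blob unterminated = { raw, sizeof(raw) };
    struct blob safe = blob_dup_terminated(raw, sizeof(raw));
    int ok = blob_is_guid_text(&unterminated) && safe.data != NULL &&
             safe.length == 36 && strlen((char *)safe.data) == 36;
    free(safe.data);
    return ok;
}

int main(void) { return demo() ? 0 : 1; }
```

Only the copy returned by blob_dup_terminated may be handed to string functions; the exactly-sized buffer has to be handled through its length.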
