[PATCH] reject a tdb with hash size of 0
Jeremy Allison
jra at samba.org
Thu Dec 17 02:42:00 UTC 2015
On Thu, Dec 17, 2015 at 03:18:44PM +1300, Andrew Bartlett wrote:
> This just ensures we reject (rather than div-by-0) a DB with a zero
> hash size.
>
> This was one of the first issues I found that lead to the offset bugs
> seen here:
> https://bugzilla.samba.org/show_bug.cgi?id=11603
>
> Please review/push.
LGTM - pushed !
> --
> Andrew Bartlett
> https://samba.org/~abartlet/
> Authentication Developer, Samba Team https://samba.org
> Samba Development and Support, Catalyst IT
> https://catalyst.net.nz/services/samba
>
>
>
>
>
> From 086a680a3621b7d248e7a79de7305e94f26c3c1e Mon Sep 17 00:00:00 2001
> From: Andrew Bartlett <abartlet at samba.org>
> Date: Mon, 9 Nov 2015 14:10:11 +1300
> Subject: [PATCH] tdb: Refuse to load a database with hash size 0
>
> This just ensures we reject (rather than div-by-0) a corrupt
> DB with a zero hash size.
>
> Found with american fuzzy lop
>
> Signed-off-by: Andrew Bartlett <abartlet at samba.org>
> ---
> lib/tdb/common/open.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/lib/tdb/common/open.c b/lib/tdb/common/open.c
> index 3b53fa7..f3ef856 100644
> --- a/lib/tdb/common/open.c
> +++ b/lib/tdb/common/open.c
> @@ -593,6 +593,13 @@ _PUBLIC_ struct tdb_context *tdb_open_ex(const char *name, int hash_size, int td
> errno = ENOSYS;
> goto fail;
> }
> +
> + if (header.hash_size == 0) {
> + TDB_LOG((tdb, TDB_DEBUG_ERROR, "tdb_open_ex: invalid database: 0 hash_size\n"));
> + errno = ENOSYS;
> + goto fail;
> + }
> +
> tdb->hash_size = header.hash_size;
>
> if (header.rwlocks == TDB_FEATURE_FLAG_MAGIC) {
> --
> 2.6.2
>
More information about the samba-technical
mailing list