[PATCHES] avoid memory errors with ldb client cookies
Volker.Lendecke at SerNet.DE
Fri Mar 18 09:33:06 UTC 2016
On Fri, Mar 18, 2016 at 03:53:22PM +1300, Douglas Bagnall wrote:
> Ldb has a function int ldb_base64_decode(char *) that decodes a base64
> string in place and returns the new length (it is always shorter). If
> the string is not base64, it returns -1. Callers of this function in
> lib/ldb/common/ldb_controls.c were using the returned value in a
> talloc_memdup, where the -1 would convert to the largest size_t the
> machine could imagine. That is very unlikely to be successful.
> AFAICT, this is only used in lib/ldb/tools/ldb*.c and in Python code.
R-b me for the first one.
> The second patch checks if the same talloc_memdup()s fail in mundane ways.
Doesn't that require a ldb_oom in the failure cases?
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
More information about the samba-technical