diff options
| author | Volker Lendecke <vl@samba.org> | 2017-03-23 15:48:25 +0100 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2017-03-28 09:23:11 +0200 |
| commit | e92a20781ca45b8696397cdef424fe8b92bee66b (patch) | |
| tree | 6d12db685688d7d6380675eeb8832cc77af9ac7a | |
| parent | 0c25c40315a8255362780486d2f2e27ea0dbbff4 (diff) | |
| download | samba-e92a20781ca45b8696397cdef424fe8b92bee66b.tar.gz | |
server_id_db: Protect against non-0-terminated data records
Remove the failing test from knownfail.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12705
| -rw-r--r-- | lib/util/server_id_db.c | 22 | ||||
| -rw-r--r-- | selftest/knownfail | 1 |
2 files changed, 21 insertions, 2 deletions
diff --git a/lib/util/server_id_db.c b/lib/util/server_id_db.c index e0b84768ffc..e190f457526 100644 --- a/lib/util/server_id_db.c +++ b/lib/util/server_id_db.c @@ -138,6 +138,7 @@ int server_id_db_prune_name(struct server_id_db *db, const char *name, char idbuf[idbuf_len]; TDB_DATA key; uint8_t *data; + size_t datalen; char *ids, *id; int ret; @@ -156,6 +157,13 @@ int server_id_db_prune_name(struct server_id_db *db, const char *name, return ret; } + datalen = talloc_get_size(data); + if ((datalen == 0) || (data[datalen-1] != '\0')) { + tdb_chainunlock(tdb, key); + TALLOC_FREE(data); + return EINVAL; + } + ids = (char *)data; id = strv_find(ids, idbuf); @@ -166,7 +174,12 @@ int server_id_db_prune_name(struct server_id_db *db, const char *name, } strv_delete(&ids, id); - ret = tdb_store(tdb, key, talloc_tdb_data(ids), TDB_MODIFY); + + if (talloc_get_size(ids) == 0) { + ret = tdb_delete(tdb, key); + } else { + ret = tdb_store(tdb, key, talloc_tdb_data(ids), TDB_MODIFY); + } TALLOC_FREE(data); tdb_chainunlock(tdb, key); @@ -200,6 +213,7 @@ int server_id_db_lookup(struct server_id_db *db, const char *name, struct tdb_context *tdb = db->tdb->tdb; TDB_DATA key; uint8_t *data; + size_t datalen; char *ids, *id; unsigned num_servers; struct server_id *servers; @@ -212,6 +226,12 @@ int server_id_db_lookup(struct server_id_db *db, const char *name, return ret; } + datalen = talloc_get_size(data); + if ((datalen == 0) || (data[datalen-1] != '\0')) { + TALLOC_FREE(data); + return EINVAL; + } + ids = (char *)data; num_servers = strv_count(ids); diff --git a/selftest/knownfail b/selftest/knownfail index b609e27c94f..b25038064c3 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -319,4 +319,3 @@ ^samba3.smb2.credits.skipped_mid.* ^samba4.blackbox.dbcheck-links.release-4-5-0-pre1.dangling_multi_valued_dbcheck ^samba4.blackbox.dbcheck-links.release-4-5-0-pre1.dangling_multi_valued_check_missing -^samba.tests.messaging.samba.tests.messaging.MessagingTests.test_add_remove_name
\ No newline at end of file |