CVE-2020-10730: vlv: Use strcmp(), not strncmp() checking the NULL terminated control OIDs

The end result is the same, as sizeof() includes the trailing NUL, but this avoids having to think about that. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
author: Andrew Bartlett <abartlet@samba.org> 2020-05-05 12:54:59 +1200
committer: Karolin Seeger <kseeger@samba.org> 2020-06-25 10:43:52 +0200
commit: c61a5255d9efaa1e63e33810f5236ea21b283c40 (patch)
tree: 26264d479ad7df79a49d60a8a7be643a9c094b7d
parent: 837ee4b1757e990827ecf0cd3a29a057886a9357 (diff)
download: samba-c61a5255d9efaa1e63e33810f5236ea21b283c40.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/vlv_pagination.c b/source4/dsdb/samdb/ldb_modules/vlv_pagination.c
index 980177cb05e..31e64b4bd78 100644
--- a/source4/dsdb/samdb/ldb_modules/vlv_pagination.c
+++ b/source4/dsdb/samdb/ldb_modules/vlv_pagination.c
@@ -682,8 +682,8 @@ vlv_copy_down_controls(TALLOC_CTX *mem_ctx, struct ldb_control **controls)
 		if (control->oid == NULL) {
 			break;
 		}
-		if (strncmp(control->oid, LDB_CONTROL_VLV_REQ_OID, sizeof(LDB_CONTROL_VLV_REQ_OID)) == 0 ||
-		    strncmp(control->oid, LDB_CONTROL_SERVER_SORT_OID, sizeof(LDB_CONTROL_SERVER_SORT_OID)) == 0) {
+		if (strcmp(control->oid, LDB_CONTROL_VLV_REQ_OID) == 0 ||
+		    strcmp(control->oid, LDB_CONTROL_SERVER_SORT_OID) == 0) {
 			continue;
 		}
 		new_controls[j] = talloc_steal(new_controls, control);
author	Andrew Bartlett <abartlet@samba.org>	2020-05-05 12:54:59 +1200
committer	Karolin Seeger <kseeger@samba.org>	2020-06-25 10:43:52 +0200
commit	c61a5255d9efaa1e63e33810f5236ea21b283c40 (patch)
tree	26264d479ad7df79a49d60a8a7be643a9c094b7d
parent	837ee4b1757e990827ecf0cd3a29a057886a9357 (diff)
download	samba-c61a5255d9efaa1e63e33810f5236ea21b283c40.tar.gz