authorAndrew Bartlett <abartlet@samba.org>2019-11-29 20:58:47 +1300
committerKarolin Seeger <kseeger@samba.org>2020-01-10 11:56:20 +0100
commitad0e68d354ad33c577dbf146fc4a1b8254857558 (patch)
tree2caa5681ae34d8ce00f4843f3f30e7f71f948d1c
parent030fa9e5455125e30b71c90be80baadb657d8993 (diff)
CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs
The string may be in another charset, or may be sensitive and certainly may not be terminated. It is not safe to just print. Found by Robert Święcki using a fuzzer he wrote for smbd. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14208 Signed-off-by: Andrew Bartlett <abartlet@samba.org> (adapted from master commit)
-rw-r--r--lib/util/charset/convert_string.c33
1 files changed, 18 insertions, 15 deletions
diff --git a/lib/util/charset/convert_string.c b/lib/util/charset/convert_string.c
index 34facab6fe6..b546e056953 100644
--- a/lib/util/charset/convert_string.c
+++ b/lib/util/charset/convert_string.c
@@ -293,31 +293,31 @@ bool convert_string_handle(struct smb_iconv_handle *ic,
switch(errno) {
case EINVAL:
reason="Incomplete multibyte sequence";
- DEBUG(3,("convert_string_internal: Conversion error: %s(%s)\n",
- reason, (const char *)src));
+ DBG_NOTICE("Conversion error: %s\n",
+ reason);
break;
case E2BIG:
{
reason="No more room";
if (from == CH_UNIX) {
- DEBUG(3,("E2BIG: convert_string(%s,%s): srclen=%u destlen=%u - '%s' error: %s\n",
- charset_name(ic, from), charset_name(ic, to),
- (unsigned int)srclen, (unsigned int)destlen, (const char *)src, reason));
+ DBG_NOTICE("E2BIG: convert_string(%s,%s): srclen=%u destlen=%u error: %s\n",
+ charset_name(ic, from), charset_name(ic, to),
+ (unsigned int)srclen, (unsigned int)destlen, reason);
} else {
- DEBUG(3,("E2BIG: convert_string(%s,%s): srclen=%u destlen=%u error: %s\n",
- charset_name(ic, from), charset_name(ic, to),
- (unsigned int)srclen, (unsigned int)destlen, reason));
+ DBG_NOTICE("E2BIG: convert_string(%s,%s): srclen=%u destlen=%u error: %s\n",
+ charset_name(ic, from), charset_name(ic, to),
+ (unsigned int)srclen, (unsigned int)destlen, reason);
}
break;
}
case EILSEQ:
reason="Illegal multibyte sequence";
- DEBUG(3,("convert_string_internal: Conversion error: %s(%s)\n",
- reason, (const char *)src));
+ DBG_NOTICE("convert_string_internal: Conversion error: %s\n",
+ reason);
break;
default:
- DEBUG(0,("convert_string_internal: Conversion error: %s(%s)\n",
- reason, (const char *)src));
+ DBG_ERR("convert_string_internal: Conversion error: %s\n",
+ reason);
break;
}
/* smb_panic(reason); */
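Review bot: With `src` removed from the arguments, the two branches of `if (from == CH_UNIX)` in the E2BIG case are now the same `DBG_NOTICE("E2BIG: convert_string(%s,%s): srclen=%u destlen=%u error: %s\n", ...)` call, so the conditional can collapse to a single call. The EILSEQ and default cases also keep the literal `convert_string_internal: ` prefix while EINVAL drops it; as far as I know the DBG_* macros already prepend the calling function's name, so the prefix is redundant and can go in all three. I would also add a comment above the switch, e.g. `/* Never log src: it may be unterminated, in another charset, or sensitive (CVE-2019-14907) */`, so the argument is not reintroduced by a later debugging change. The switch belongs to convert_string_handle, whose body starts and ends outside this hunk.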
@@ -427,16 +427,19 @@ bool convert_string_talloc_handle(TALLOC_CTX *ctx, struct smb_iconv_handle *ic,
switch(errno) {
case EINVAL:
reason="Incomplete multibyte sequence";
- DEBUG(3,("convert_string_talloc: Conversion error: %s(%s)\n",reason,inbuf));
+ DBG_NOTICE("Conversion error: %s\n",
+ reason);
break;
case E2BIG:
goto convert;
case EILSEQ:
reason="Illegal multibyte sequence";
- DEBUG(3,("convert_string_talloc: Conversion error: %s(%s)\n",reason,inbuf));
+ DBG_NOTICE("Conversion error: %s\n",
+ reason);
break;
default:
- DEBUG(0,("Conversion error: %s(%s)\n",reason,inbuf));
+ DBG_ERR("Conversion error: %s\n",
+ reason);
break;
}
/* smb_panic(reason); */
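Review bot: The EINVAL, EILSEQ and default messages now carry only `Conversion error: <reason>`, which leaves nothing in the log to tell one failing conversion from another during triage. Content-free context is safe to keep, and the first hunk's E2BIG message already logs it. If `from`, `to` and `srclen` are in scope here (the parameter list is cut off in the hunk header, so this needs confirming), something like `DBG_NOTICE("Conversion error: %s (%s -> %s, srclen=%u)\n", reason, charset_name(ic, from), charset_name(ic, to), (unsigned int)srclen);` keeps the messages useful without reading the buffer. The body of convert_string_talloc_handle extends beyond this hunk.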