diff options
author | Volker Lendecke <vl@samba.org> | 2016-11-30 18:43:44 +0100 |
---|---|---|
committer | Volker Lendecke <vl@samba.org> | 2016-12-16 17:38:19 +0100 |
commit | b64835a109b112543cc82a50c2dbb4ece5149ec6 (patch) | |
tree | fd2043619e11eb6100880236ff6796eb4db212df | |
parent | 5ee846fabf809b1b0070d53bef56f3735ac1e9bb (diff) | |
download | samba-b64835a109b112543cc82a50c2dbb4ece5149ec6.tar.gz |
idmap_tdb: Harden idmap_tdb_common_unixid_to_sid
A non-null terminated record would make string_to_sid read beyond the
end of allocated data.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
-rw-r--r-- | source3/winbindd/idmap_tdb_common.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/source3/winbindd/idmap_tdb_common.c b/source3/winbindd/idmap_tdb_common.c index ebf1bb90b2c..0d7e734cd5d 100644 --- a/source3/winbindd/idmap_tdb_common.c +++ b/source3/winbindd/idmap_tdb_common.c @@ -430,6 +430,12 @@ NTSTATUS idmap_tdb_common_unixid_to_sid(struct idmap_domain * dom, goto done; } + if ((data.dsize == 0) || (data.dptr[data.dsize-1] != '\0')) { + DBG_DEBUG("Invalid record length %zu\n", data.dsize); + ret = NT_STATUS_INTERNAL_DB_ERROR; + goto done; + } + if (!string_to_sid(map->sid, (const char *)data.dptr)) { DEBUG(10, ("INVALID SID (%s) in record %s\n", (const char *)data.dptr, keystr)); |