diff options
author | Andrew Bartlett <abartlet@samba.org> | 2019-08-27 13:16:18 +1200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2019-08-27 04:44:41 +0000 |
commit | a8a3cef3a768aaff01227dd7b229fb7b3aef926f (patch) | |
tree | 5f286d1069ac8177fc5d44ed8e31a5401e544f49 /lib | |
parent | 52bd2dde5ae809ecc115f7087e367327f4771e73 (diff) | |
download | samba-a8a3cef3a768aaff01227dd7b229fb7b3aef926f.tar.gz |
ldb: Do not read beyond the end of the extended DN component when printing
The print functions used in Samba NULL terminate, but do not assume they will
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ldb/common/ldb_dn.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/lib/ldb/common/ldb_dn.c b/lib/ldb/common/ldb_dn.c index b9a414dc566..83f94e3b913 100644 --- a/lib/ldb/common/ldb_dn.c +++ b/lib/ldb/common/ldb_dn.c @@ -871,11 +871,15 @@ char *ldb_dn_get_extended_linearized(TALLOC_CTX *mem_ctx, struct ldb_dn *dn, int } if (i == 0) { - p = talloc_asprintf(mem_ctx, "<%s=%s>", - name, val.data); + p = talloc_asprintf(mem_ctx, "<%s=%.*s>", + name, + (int)val.length, + val.data); } else { - p = talloc_asprintf_append_buffer(p, ";<%s=%s>", - name, val.data); + p = talloc_asprintf_append_buffer(p, ";<%s=%.*s>", + name, + (int)val.length, + val.data); } talloc_free(val.data); |