author | Andrew Bartlett <abartlet@samba.org> | 2019-11-19 16:58:57 +1300 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2019-12-12 02:30:40 +0000 |
commit | 362d70ff2fb6fb6265fce03da6b09dd4756dc604 (patch) | |
tree | fe558af19230cf5f97ab529b6b71e1a9756f5a6b /librpc | |
parent | 5eb560d25e9104dc02477a6bf819d0c37e8afb86 (diff) | |
download | samba-362d70ff2fb6fb6265fce03da6b09dd4756dc604.tar.gz |
librpc: Do not follow a NULL pointer when calculating the size of a structure
Found by Douglas Bagnall using Honggfuzz and the new fuzz_ndr_X
fuzzer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13876
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Diffstat (limited to 'librpc')
-rw-r--r-- | librpc/ndr/ndr.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/librpc/ndr/ndr.c b/librpc/ndr/ndr.c index 6cc53b6e03a..dc83cf35ffd 100644 --- a/librpc/ndr/ndr.c +++ b/librpc/ndr/ndr.c @@ -1492,6 +1492,11 @@ _PUBLIC_ size_t ndr_size_struct(const void *p, int flags, ndr_push_flags_fn_t pu /* avoid recursion */ if (flags & LIBNDR_FLAG_NO_NDR_SIZE) return 0; + /* Avoid following a NULL pointer */ + if (p == NULL) { + return 0; + } + ndr = ndr_push_init_ctx(NULL); if (!ndr) return 0; ndr->flags |= flags | LIBNDR_FLAG_NO_NDR_SIZE; |
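Review bot: The new p == NULL branch in ndr_size_struct() returns 0, which is the same value the function already returns for LIBNDR_FLAG_NO_NDR_SIZE and for a failed ndr_push_init_ctx(), so a caller cannot tell "NULL structure" apart from "recursion guard" or "allocation failure". That is consistent with the existing convention here, but the comment "Avoid following a NULL pointer" only restates the check; it would help to say that a NULL p is deliberately sized as 0 and which kind of caller can reach this with NULL, since the commit message indicates it was only found through the fuzz_ndr_X fuzzer. Placing the check before ndr_push_init_ctx(NULL) is right, as it returns without allocating a push context that would then need freeing.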