CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2

We still want to return DOES_NOT_EXIST when request_filter is not 0. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
author: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 2019-05-22 13:23:25 +1200
committer: Karolin Seeger <kseeger@samba.org> 2019-06-13 11:26:43 +0200
commit: c2423655657f3074c80ae06f0b6806fc71c8bb41 (patch)
tree: e68e1b6cff7c9fa657429137ea1ac4b8614a838d /python
parent: 09818693ac251a15df39433ed529b882883cdd44 (diff)
download: samba-c2423655657f3074c80ae06f0b6806fc71c8bb41.tar.gz
1 files changed, 26 insertions, 0 deletions
diff --git a/python/samba/tests/dcerpc/dnsserver.py b/python/samba/tests/dcerpc/dnsserver.py
index db9ed156148..7264a290ef2 100644
--- a/python/samba/tests/dcerpc/dnsserver.py
+++ b/python/samba/tests/dcerpc/dnsserver.py
@@ -732,6 +732,32 @@ class DnsserverTests(RpcInterfaceTestCase):
         # We should always encounter a DOES_NOT_EXIST error.
         self.fail()
 
+    # This test is to confirm that we do not support multizone operations,
+    # which are designated by a non-zero dwContext value (the 5th argument
+    # to DnssrvOperation2).
+    def test_operation2_invalid(self):
+        client_version = dnsserver.DNS_CLIENT_VERSION_LONGHORN
+        non_zone = 'a-zone-that-does-not-exist'
+        typeid = dnsserver.DNSSRV_TYPEID_NAME_AND_PARAM
+        name_and_param = dnsserver.DNS_RPC_NAME_AND_PARAM()
+        name_and_param.pszNodeName = 'AllowUpdate'
+        name_and_param.dwParam = dnsp.DNS_ZONE_UPDATE_SECURE
+        try:
+            res = self.conn.DnssrvOperation2(client_version,
+                                             0,
+                                             self.server,
+                                             non_zone,
+                                             1,
+                                             'ResetDwordProperty',
+                                             typeid,
+                                             name_and_param)
+        except WERRORError as e:
+            if e.args[0] == werror.WERR_DNS_ERROR_ZONE_DOES_NOT_EXIST:
+                return
+
+        # We should always encounter a DOES_NOT_EXIST error.
+        self.fail()
+
     def test_operation2(self):
         client_version = dnsserver.DNS_CLIENT_VERSION_LONGHORN
         rev_zone = '1.168.192.in-addr.arpa'
author	Douglas Bagnall <douglas.bagnall@catalyst.net.nz>	2019-05-22 13:23:25 +1200
committer	Karolin Seeger <kseeger@samba.org>	2019-06-13 11:26:43 +0200
commit	c2423655657f3074c80ae06f0b6806fc71c8bb41 (patch)
tree	e68e1b6cff7c9fa657429137ea1ac4b8614a838d /python
parent	09818693ac251a15df39433ed529b882883cdd44 (diff)
download	samba-c2423655657f3074c80ae06f0b6806fc71c8bb41.tar.gz