diff options
author | Gary Lockyer <gary@catalyst.net.nz> | 2019-12-16 13:57:47 +1300 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2020-01-10 11:56:20 +0100 |
commit | 55fb0c2f67ef1906c942729c00f9f918dd92a658 (patch) | |
tree | f77a52de7990ac82f6be3b5ec09544926caa6039 /selftest | |
parent | ad0e68d354ad33c577dbf146fc4a1b8254857558 (diff) | |
download | samba-55fb0c2f67ef1906c942729c00f9f918dd92a658.tar.gz |
CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone
ldb_msg_add_empty reallocates the underlying element array, leaving
old_el pointing to freed memory.
This patch takes two defensive copies of the ldb message, and performs
the updates on them rather than the ldb messages in the result.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14050
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Diffstat (limited to 'selftest')
0 files changed, 0 insertions, 0 deletions