secrets: Protect against a non-0-terminated ldap password

Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Böhme <slow@samba.org>
author: Volker Lendecke <vl@samba.org> 2017-04-21 13:05:12 +0200
committer: Jeremy Allison <jra@samba.org> 2017-04-22 05:20:20 +0200
commit: 4ceba0e18f7ba8f2b32ba24864095683f2168db0 (patch)
tree: 09aca1b28e1caea502a187fd41bc353d13077ed4 /source3/passdb/secrets.c
parent: 36612723b2b18675116b6197183bdfe5e1d9e06f (diff)
download: samba-4ceba0e18f7ba8f2b32ba24864095683f2168db0.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index 4372c635f1c..0ddee99a71f 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -316,6 +316,13 @@ bool fetch_ldap_pw(char **dn, char** pw)
 	*pw=(char *)secrets_fetch(key, &size);
 	SAFE_FREE(key);
 
+	if ((size != 0) && ((*pw)[size-1] != '\0')) {
+		DBG_ERR("Non 0-terminated password for dn %s\n", *dn);
+		SAFE_FREE(*pw);
+		SAFE_FREE(*dn);
+		return false;
+	}
+
 	if (!size) {
 		/* Upgrade 2.2 style entry */
 		char *p;
author	Volker Lendecke <vl@samba.org>	2017-04-21 13:05:12 +0200
committer	Jeremy Allison <jra@samba.org>	2017-04-22 05:20:20 +0200
commit	4ceba0e18f7ba8f2b32ba24864095683f2168db0 (patch)
tree	09aca1b28e1caea502a187fd41bc353d13077ed4 /source3/passdb/secrets.c
parent	36612723b2b18675116b6197183bdfe5e1d9e06f (diff)
download	samba-4ceba0e18f7ba8f2b32ba24864095683f2168db0.tar.gz