CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2

We still want to return DOES_NOT_EXIST when request_filter is not 0. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
author: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 2019-05-22 13:23:25 +1200
committer: Karolin Seeger <kseeger@samba.org> 2019-06-13 11:26:43 +0200
commit: c2423655657f3074c80ae06f0b6806fc71c8bb41 (patch)
tree: e68e1b6cff7c9fa657429137ea1ac4b8614a838d /source4
parent: 09818693ac251a15df39433ed529b882883cdd44 (diff)
download: samba-c2423655657f3074c80ae06f0b6806fc71c8bb41.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
index 4e28778c89a..353754f9261 100644
--- a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
+++ b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
@@ -2167,7 +2167,12 @@ static WERROR dcesrv_DnssrvOperation2(struct dcesrv_call_state *dce_call, TALLOC
 						&r->in.pData);
 	} else {
 		z = dnsserver_find_zone(dsstate->zones, r->in.pszZone);
-		if (z == NULL && request_filter == 0) {
+		/*
+		 * In the case that request_filter is not 0 and z is NULL,
+		 * the request is for a multizone operation, which we do not
+		 * yet support, so just error on NULL zone name.
+		 */
+		if (z == NULL) {
 			return WERR_DNS_ERROR_ZONE_DOES_NOT_EXIST;
 		}
author	Douglas Bagnall <douglas.bagnall@catalyst.net.nz>	2019-05-22 13:23:25 +1200
committer	Karolin Seeger <kseeger@samba.org>	2019-06-13 11:26:43 +0200
commit	c2423655657f3074c80ae06f0b6806fc71c8bb41 (patch)
tree	e68e1b6cff7c9fa657429137ea1ac4b8614a838d /source4
parent	09818693ac251a15df39433ed529b882883cdd44 (diff)
download	samba-c2423655657f3074c80ae06f0b6806fc71c8bb41.tar.gz