diff options
author | Douglas Bagnall <douglas.bagnall@catalyst.net.nz> | 2019-05-22 13:23:25 +1200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2019-06-13 11:26:43 +0200 |
commit | c2423655657f3074c80ae06f0b6806fc71c8bb41 (patch) | |
tree | e68e1b6cff7c9fa657429137ea1ac4b8614a838d /source4 | |
parent | 09818693ac251a15df39433ed529b882883cdd44 (diff) | |
download | samba-c2423655657f3074c80ae06f0b6806fc71c8bb41.tar.gz |
CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2
We still want to return DOES_NOT_EXIST when request_filter is not 0.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4')
-rw-r--r-- | source4/rpc_server/dnsserver/dcerpc_dnsserver.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c index 4e28778c89a..353754f9261 100644 --- a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c +++ b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c @@ -2167,7 +2167,12 @@ static WERROR dcesrv_DnssrvOperation2(struct dcesrv_call_state *dce_call, TALLOC &r->in.pData); } else { z = dnsserver_find_zone(dsstate->zones, r->in.pszZone); - if (z == NULL && request_filter == 0) { + /* + * In the case that request_filter is not 0 and z is NULL, + * the request is for a multizone operation, which we do not + * yet support, so just error on NULL zone name. + */ + if (z == NULL) { return WERR_DNS_ERROR_ZONE_DOES_NOT_EXIST; } |