sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-24 02:04:21 +03:00
Code

s3:lib: Fix undefined behavior in tdb_unpack()

Browse Source 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Tue Dec  4 00:23:03 CET 2018 on sn-devel-144
This commit is contained in:
Andreas Schneider 2018-11-27 08:23:25 +01:00 committed by Gary Lockyer
parent 86592673fb
commit 2b2edccb5a
1 changed files with 14 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
source3/lib/util_tdb.c
View File

@ -191,9 +191,11 @@ int tdb_unpack(const uint8_t *buf, int in_bufsize, const char *fmt, ...)
len = strnlen((const char *)buf, bufsize) + 1;
if (bufsize < len)
goto no_space;
*ps = SMB_STRDUP((const char *)buf);
if (*ps == NULL) {
goto no_space;
if (ps != NULL) {
*ps = SMB_STRDUP((const char *)buf);
if (*ps == NULL) {
goto no_space;
}
}
break;
case 'f': /* null-terminated string */
@ -201,7 +203,9 @@ int tdb_unpack(const uint8_t *buf, int in_bufsize, const char *fmt, ...)
len = strnlen((const char *)buf, bufsize) + 1;
if (bufsize < len || len > sizeof(fstring))
goto no_space;
memcpy(s, buf, len);
if (s != NULL) {
memcpy(s, buf, len);
}
break;
case 'B': /* fixed-length string */
i = va_arg(ap, uint32_t *);
@ -220,10 +224,12 @@ int tdb_unpack(const uint8_t *buf, int in_bufsize, const char *fmt, ...)
}
if (bufsize < len)
goto no_space;
*b = (char *)SMB_MALLOC(*i);
if (! *b)
goto no_space;
memcpy(*b, buf+4, *i);
if (b != NULL) {
*b = (char *)SMB_MALLOC(*i);
if (! *b)
goto no_space;
memcpy(*b, buf+4, *i);
}
break;
default:
DEBUG(0,("Unknown tdb_unpack format %c in %s\n",