mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
CVE-2023-34968: mdssvc: remove response blob allocation
This is alreay done by NDR for us. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
parent
739f72a070
commit
34f9f1b37e
@ -164,7 +164,6 @@ void _mdssvc_cmd(struct pipes_struct *p, struct mdssvc_cmd *r)
|
|||||||
struct auth_session_info *session_info =
|
struct auth_session_info *session_info =
|
||||||
dcesrv_call_session_info(dce_call);
|
dcesrv_call_session_info(dce_call);
|
||||||
bool ok;
|
bool ok;
|
||||||
char *rbuf;
|
|
||||||
struct mds_ctx *mds_ctx;
|
struct mds_ctx *mds_ctx;
|
||||||
NTSTATUS status;
|
NTSTATUS status;
|
||||||
|
|
||||||
@ -221,14 +220,6 @@ void _mdssvc_cmd(struct pipes_struct *p, struct mdssvc_cmd *r)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
rbuf = talloc_zero_array(p->mem_ctx, char, r->in.max_fragment_size1);
|
|
||||||
if (rbuf == NULL) {
|
|
||||||
p->fault_state = DCERPC_FAULT_CANT_PERFORM;
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
r->out.response_blob->spotlight_blob = (uint8_t *)rbuf;
|
|
||||||
r->out.response_blob->size = r->in.max_fragment_size1;
|
|
||||||
|
|
||||||
/* We currently don't use fragmentation at the mdssvc RPC layer */
|
/* We currently don't use fragmentation at the mdssvc RPC layer */
|
||||||
*r->out.fragment = 0;
|
*r->out.fragment = 0;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user