sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code

libndr: Do not overwrite token list with NULL on allocation failure

Browse Source 
This was one part of the minimum patch for CVE-2019-14908 before
being downgraded as not a security-release worthy issue.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13876

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This commit is contained in:
Andrew Bartlett 2019-11-18 10:38:01 +13:00
parent bcffdc9a89
commit 4501663f6e
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
librpc/ndr/ndr.c
View File

@ -972,6 +972,7 @@ _PUBLIC_ enum ndr_err_code ndr_token_store(TALLOC_CTX *mem_ctx,
NDR_ERR_HAVE_NO_MEMORY(list->tokens);
}
} else {
struct ndr_token *new_tokens = NULL;
uint32_t alloc_count = talloc_array_length(list->tokens);
if (list->count == alloc_count) {
unsigned new_alloc;
@ -980,11 +981,10 @@ _PUBLIC_ enum ndr_err_code ndr_token_store(TALLOC_CTX *mem_ctx,
if (new_alloc < alloc_count) {
return NDR_ERR_RANGE;
}
list->tokens = talloc_realloc(mem_ctx, list->tokens,
struct ndr_token, new_alloc);
if (list->tokens == NULL) {
NDR_ERR_HAVE_NO_MEMORY(list->tokens);
}
new_tokens = talloc_realloc(mem_ctx, list->tokens,
struct ndr_token, new_alloc);
NDR_ERR_HAVE_NO_MEMORY(new_tokens);
list->tokens = new_tokens;
}
}
list->tokens[list->count].key = key;