mirror of
https://github.com/samba-team/samba.git
synced 2025-01-21 18:04:06 +03:00
CVE-2022-32745 s4/dsdb/util: Don't call memcpy() with a NULL pointer
Doing so is undefined behaviour. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15008 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
This commit is contained in:
Joseph Sutton
Jule Anger
parent
7c8427e5d2
commit
4d2d30c21b
@ -1548,15 +1548,19 @@ int dsdb_get_expected_new_values(TALLOC_CTX *mem_ctx,
|
|||||||
|
|
||||||
for (i = 0; i < msg->num_elements; i++) {
|
for (i = 0; i < msg->num_elements; i++) {
|
||||||
if (ldb_attr_cmp(msg->elements[i].name, attr_name) == 0) {
|
if (ldb_attr_cmp(msg->elements[i].name, attr_name) == 0) {
|
||||||
|
const struct ldb_message_element *tmp_el = &msg->elements[i];
|
||||||
if ((operation == LDB_MODIFY) &&
|
if ((operation == LDB_MODIFY) &&
|
||||||
(LDB_FLAG_MOD_TYPE(msg->elements[i].flags)
|
(LDB_FLAG_MOD_TYPE(tmp_el->flags)
|
||||||
== LDB_FLAG_MOD_DELETE)) {
|
== LDB_FLAG_MOD_DELETE)) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
if (tmp_el->values == NULL || tmp_el->num_values == 0) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
memcpy(v,
|
memcpy(v,
|
||||||
msg->elements[i].values,
|
tmp_el->values,
|
||||||
msg->elements[i].num_values);
|
tmp_el->num_values);
|
||||||
v += msg->elements[i].num_values;
|
v += tmp_el->num_values;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user