smbd: Properly protect against invalid lock data
If someone messes with brlock.tdb and inserts an invalid record length, this will lead to memcpy overwriting a few bytes behind malloc'ed data. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Sep 12 03:26:45 CEST 2013 on sn-devel-104
parent
776db7d385
commit
8f411425f6
@ -1976,6 +1976,12 @@ static struct byte_range_lock *brl_get_locks_internal(TALLOC_CTX *mem_ctx,
|
||||
data = dbwrap_record_get_value(br_lck->record);
|
||||
}
|
||||
|
||||
if ((data.dsize % sizeof(struct lock_struct)) != 0) {
|
||||
DEBUG(3, ("Got invalid brlock data\n"));
|
||||
TALLOC_FREE(br_lck);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
br_lck->read_only = do_read_only;
|
||||
br_lck->lock_data = NULL;
|
||||
|
||||
|
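Review bot: The rejection path logs only `DEBUG(3, ("Got invalid brlock data\n"));`, so a corrupted or tampered brlock.tdb record is invisible at lower log levels and the message does not say how large the bad record was. Since this condition previously led to an out-of-bounds memcpy, it is worth surfacing to operators: raise the level and include the length, for example `DEBUG(1, ("Got invalid brlock data, dsize=%u\n", (unsigned int)data.dsize));`. A short comment above the check, such as `/* Reject records whose length is not a whole number of lock_struct entries; the lock array is copied from this buffer below. */`, would also record why the guard exists. The body of brl_get_locks_internal starts and ends outside this hunk, so neither the copy it protects nor whether every caller copes with the new NULL return can be confirmed from here.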