1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

smbd: Properly protect against invalid lock data

If someone messes with brlock.tdb and inserts an invalid record length,
this will lead to memcpy overwriting a few bytes behind malloc'ed data.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 12 03:26:45 CEST 2013 on sn-devel-104
This commit is contained in:
Volker Lendecke 2013-09-11 12:04:58 +00:00 committed by Jeremy Allison
parent 776db7d385
commit 8f411425f6

View File

@ -1976,6 +1976,12 @@ static struct byte_range_lock *brl_get_locks_internal(TALLOC_CTX *mem_ctx,
data = dbwrap_record_get_value(br_lck->record);
}
if ((data.dsize % sizeof(struct lock_struct)) != 0) {
DEBUG(3, ("Got invalid brlock data\n"));
TALLOC_FREE(br_lck);
return NULL;
}
br_lck->read_only = do_read_only;
br_lck->lock_data = NULL;