sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code

smbd: Properly protect against invalid lock data

Browse Source 
If someone messes with brlock.tdb and inserts an invalid record length,
this will lead to memcpy overwriting a few bytes behind malloc'ed data.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 12 03:26:45 CEST 2013 on sn-devel-104
This commit is contained in:
Volker Lendecke 2013-09-11 12:04:58 +00:00 committed by Jeremy Allison
parent 776db7d385
commit 8f411425f6
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
source3/locking/brlock.c
View File

@ -1976,6 +1976,12 @@ static struct byte_range_lock *brl_get_locks_internal(TALLOC_CTX *mem_ctx,
data = dbwrap_record_get_value(br_lck->record); data = dbwrap_record_get_value(br_lck->record);
} }
if ((data.dsize % sizeof(struct lock_struct)) != 0) {
DEBUG(3, ("Got invalid brlock data\n"));
TALLOC_FREE(br_lck);
return NULL;
}
br_lck->read_only = do_read_only; br_lck->read_only = do_read_only;
br_lck->lock_data = NULL; br_lck->lock_data = NULL;