mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
librpc: Do not follow a NULL pointer when calculating the size of a union
Found by Douglas Bagnall using Hongfuzz and the new fuzz_ndr_X fuzzer. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13876 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This commit is contained in:
parent
456cdb7fa3
commit
92a7c5a726
@ -1522,6 +1522,11 @@ _PUBLIC_ size_t ndr_size_union(const void *p, int flags, uint32_t level, ndr_pus
|
|||||||
/* avoid recursion */
|
/* avoid recursion */
|
||||||
if (flags & LIBNDR_FLAG_NO_NDR_SIZE) return 0;
|
if (flags & LIBNDR_FLAG_NO_NDR_SIZE) return 0;
|
||||||
|
|
||||||
|
/* Avoid following a NULL pointer */
|
||||||
|
if (p == NULL) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
ndr = ndr_push_init_ctx(NULL);
|
ndr = ndr_push_init_ctx(NULL);
|
||||||
if (!ndr) return 0;
|
if (!ndr) return 0;
|
||||||
ndr->flags |= flags | LIBNDR_FLAG_NO_NDR_SIZE;
|
ndr->flags |= flags | LIBNDR_FLAG_NO_NDR_SIZE;
|
||||||
|
@ -1 +0,0 @@
|
|||||||
^samba.tests.blackbox.ndrdump.samba.tests.blackbox.ndrdump.NdrDumpTests.test_ndrdump_fuzzed_NULL_union_PAC_BUFFER
|
|
Loading…
Reference in New Issue
Block a user