mirror of
https://github.com/samba-team/samba.git
synced 2025-01-25 06:04:04 +03:00
s4:ntvfs:posix: avoid parsing empty blob in posix_eadb_add_list()
Strictly speaking, this is not a bug because parsing loop will just skip an empty ({NULL}, 0) blob. But it's better to avoid this case because UBSan (as of clang-17 at least) may complain on such a parsing attempt: source4/ntvfs/posix/posix_eadb.c:56:62: runtime error: applying zero offset to null pointer #0 0x7f9d71ce7b2a in posix_eadb_add_list source4/ntvfs/posix/posix_eadb.c:56 #1 0x7f9d71ce7b2a in push_xattr_blob_tdb_raw source4/ntvfs/posix/posix_eadb.c:178 #2 0x7f9d71cec1f5 in py_wrap_setxattr source4/ntvfs/posix/python/pyposix_eadb.c:64 #3 0x7f9d88bd4507 in cfunction_call (/lib64/libpython3.11.so.1.0+0x1d4507) [... a lot of Python calls skipped...] Signed-off-by: Dmitry Antipov <dantipov@cloudlinux.com> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
parent
46ae5568fa
commit
9755206f6d
@ -37,7 +37,6 @@ static NTSTATUS posix_eadb_add_list(struct tdb_wrap *ea_tdb, TALLOC_CTX *ctx, co
|
|||||||
{
|
{
|
||||||
DATA_BLOB blob;
|
DATA_BLOB blob;
|
||||||
TALLOC_CTX *mem_ctx;
|
TALLOC_CTX *mem_ctx;
|
||||||
const char *s;
|
|
||||||
NTSTATUS status;
|
NTSTATUS status;
|
||||||
size_t len;
|
size_t len;
|
||||||
|
|
||||||
@ -49,15 +48,20 @@ static NTSTATUS posix_eadb_add_list(struct tdb_wrap *ea_tdb, TALLOC_CTX *ctx, co
|
|||||||
|
|
||||||
status = pull_xattr_blob_tdb_raw(ea_tdb, mem_ctx, XATTR_LIST_ATTR,
|
status = pull_xattr_blob_tdb_raw(ea_tdb, mem_ctx, XATTR_LIST_ATTR,
|
||||||
fname, fd, 100, &blob);
|
fname, fd, 100, &blob);
|
||||||
if (!NT_STATUS_IS_OK(status)) {
|
if (NT_STATUS_IS_OK(status)) {
|
||||||
blob = data_blob(NULL, 0);
|
const char *s;
|
||||||
}
|
|
||||||
|
|
||||||
for (s=(const char *)blob.data; s < (const char *)(blob.data+blob.length); s += strlen(s) + 1) {
|
for (s = (const char *)blob.data;
|
||||||
if (strcmp(attr_name, s) == 0) {
|
s < (const char *)(blob.data + blob.length);
|
||||||
talloc_free(mem_ctx);
|
s += strlen(s) + 1) {
|
||||||
return NT_STATUS_OK;
|
if (strcmp(attr_name, s) == 0) {
|
||||||
|
talloc_free(mem_ctx);
|
||||||
|
return NT_STATUS_OK;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
blob = data_blob(NULL, 0);
|
||||||
|
/* No need to parse an empty blob */
|
||||||
}
|
}
|
||||||
|
|
||||||
len = strlen(attr_name) + 1;
|
len = strlen(attr_name) + 1;
|
||||||
|
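Review bot: The loop that now sits under `if (NT_STATUS_IS_OK(status))` still trusts the stored list to end in a NUL byte: `strcmp(attr_name, s)` and `strlen(s)` run on the last entry with no bound, so a list blob read back from the tdb whose final byte is not `\0` would be read past `blob.data + blob.length`. Because the blob is persisted data that may be truncated or corrupted, I would reject it before the loop, e.g. `if (blob.length > 0 && blob.data[blob.length - 1] != '\0') { talloc_free(mem_ctx); return NT_STATUS_INTERNAL_DB_CORRUPTION; }`. Whether pull_xattr_blob_tdb_raw() can return success with a zero-length blob is not visible here; if it can, the NULL-pointer arithmetic that UBSan reported would still be reachable on the success path, and a `blob.length > 0` condition on that branch would close it. The body of posix_eadb_add_list() starts before and continues after these hunks.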