mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
librpc: Do not access name[-1] trying to push "" into a dnsp_name
This simply matches the behaviour from before e7b1acaddf
when the logic for a trailing . was added. This matches what is added in
the dnsRecord attribute for a name of "." over the dnsserver RPC
management interface and is based on what Windows does for that name
in (eg) an MX record.
No a security bug because we use talloc and so name will be just the
end of the talloc header.
Credit to OSS-Fuzz
Found using the fuzz_ndr_X fuzzer
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Dec 20 11:33:52 UTC 2019 on sn-devel-184
This commit is contained in:
parent
16557e4480
commit
a85d257c1e
@ -106,8 +106,18 @@ enum ndr_err_code ndr_push_dnsp_name(struct ndr_push *ndr, int ndr_flags, const
|
||||
}
|
||||
total_len = strlen(name) + 1;
|
||||
|
||||
/* cope with names ending in '.' */
|
||||
if (name[strlen(name)-1] != '.') {
|
||||
/*
|
||||
* cope with names ending in '.'
|
||||
*/
|
||||
if (name[0] == '\0') {
|
||||
/*
|
||||
* Don't access name[-1] for the "" input, which has
|
||||
* the same meaning as a lone '.'.
|
||||
*
|
||||
* This allows a round-trip of a dnsRecord from
|
||||
* Windows of a MX record of '.'
|
||||
*/
|
||||
} else if (name[strlen(name)-1] != '.') {
|
||||
total_len++;
|
||||
count++;
|
||||
}
|
||||
|
@ -1 +0,0 @@
|
||||
^samba.tests.blackbox.ndrdump.samba.tests.blackbox.ndrdump.NdrDumpTests.test_ndrdump_dnsp_DnssrvRpcRecord
|
Loading…
Reference in New Issue
Block a user