
CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs

The string may be in another charset, may be sensitive, and is not
guaranteed to be NUL-terminated.  It is not safe to just print it.

Found by Robert Święcki using a fuzzer he wrote for smbd.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14208
Signed-off-by: Andrew Bartlett <abartlet@samba.org>

(adapted from master commit)
Andrew Bartlett 2019-11-29 20:58:47 +13:00 committed by Karolin Seeger
parent 030fa9e545
commit ad0e68d354


@ -293,31 +293,31 @@ bool convert_string_handle(struct smb_iconv_handle *ic,
switch(errno) {
case EINVAL:
reason="Incomplete multibyte sequence";
DEBUG(3,("convert_string_internal: Conversion error: %s(%s)\n",
reason, (const char *)src));
DBG_NOTICE("Conversion error: %s\n",
reason);
break;
case E2BIG:
{
reason="No more room";
if (from == CH_UNIX) {
DEBUG(3,("E2BIG: convert_string(%s,%s): srclen=%u destlen=%u - '%s' error: %s\n",
charset_name(ic, from), charset_name(ic, to),
(unsigned int)srclen, (unsigned int)destlen, (const char *)src, reason));
DBG_NOTICE("E2BIG: convert_string(%s,%s): srclen=%u destlen=%u error: %s\n",
charset_name(ic, from), charset_name(ic, to),
(unsigned int)srclen, (unsigned int)destlen, reason);
} else {
DEBUG(3,("E2BIG: convert_string(%s,%s): srclen=%u destlen=%u error: %s\n",
charset_name(ic, from), charset_name(ic, to),
(unsigned int)srclen, (unsigned int)destlen, reason));
DBG_NOTICE("E2BIG: convert_string(%s,%s): srclen=%u destlen=%u error: %s\n",
charset_name(ic, from), charset_name(ic, to),
(unsigned int)srclen, (unsigned int)destlen, reason);
}
break;
}
case EILSEQ:
reason="Illegal multibyte sequence";
DEBUG(3,("convert_string_internal: Conversion error: %s(%s)\n",
reason, (const char *)src));
DBG_NOTICE("convert_string_internal: Conversion error: %s\n",
reason);
break;
default:
DEBUG(0,("convert_string_internal: Conversion error: %s(%s)\n",
reason, (const char *)src));
DBG_ERR("convert_string_internal: Conversion error: %s\n",
reason);
break;
}
/* smb_panic(reason); */
@ -427,16 +427,19 @@ bool convert_string_talloc_handle(TALLOC_CTX *ctx, struct smb_iconv_handle *ic,
switch(errno) {
case EINVAL:
reason="Incomplete multibyte sequence";
DEBUG(3,("convert_string_talloc: Conversion error: %s(%s)\n",reason,inbuf));
DBG_NOTICE("Conversion error: %s\n",
reason);
break;
case E2BIG:
goto convert;
case EILSEQ:
reason="Illegal multibyte sequence";
DEBUG(3,("convert_string_talloc: Conversion error: %s(%s)\n",reason,inbuf));
DBG_NOTICE("Conversion error: %s\n",
reason);
break;
default:
DEBUG(0,("Conversion error: %s(%s)\n",reason,inbuf));
DBG_ERR("Conversion error: %s\n",
reason);
break;
}
/* smb_panic(reason); */
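Review bot: In the E2BIG case of the first hunk, the `if (from == CH_UNIX)` and `else` branches now hold the same `DBG_NOTICE` call, because the only difference between them was the `src` argument this commit removes; the conditional can be dropped and a single call kept. The message prefixes are also inconsistent: the EINVAL case loses `convert_string_internal:` while EILSEQ and `default` in the same switch keep it, and that name does not match the enclosing `convert_string_handle` named in the hunk header. If the DBG_* macros already prepend the calling function's name, as I believe they do in Samba, the literal prefix could be dropped in all cases, e.g. `DBG_ERR("Conversion error: %s\n", reason);`. Both switch statements sit in functions whose bodies start and end outside the hunks, so the initial value of `reason` used by `default` is not visible here.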