sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-26 21:57:41 +03:00
Code

idmap_tdb: Harden idmap_tdb_common_unixid_to_sid

Browse Source 
A non-null terminated record would make string_to_sid read beyond the
end of allocated data.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This commit is contained in:
Volker Lendecke 2016-11-30 18:43:44 +01:00
parent 5ee846fabf
commit b64835a109
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
source3/winbindd/idmap_tdb_common.c
View File

@ -430,6 +430,12 @@ NTSTATUS idmap_tdb_common_unixid_to_sid(struct idmap_domain * dom,
goto done;
}
if ((data.dsize == 0) || (data.dptr[data.dsize-1] != '\0')) {
DBG_DEBUG("Invalid record length %zu\n", data.dsize);
ret = NT_STATUS_INTERNAL_DB_ERROR;
goto done;
}
if (!string_to_sid(map->sid, (const char *)data.dptr)) {
DEBUG(10, ("INVALID SID (%s) in record %s\n",
(const char *)data.dptr, keystr));