mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
CVE-2016-2123: Fix DNS vuln ZDI-CAN-3995
Thanks to Trend Micro's Zero Day Initiative and Frederic Besler for finding this vulnerability with a PoC and a good analysis. Signed-off-by: Volker Lendecke <vl@samba.org> Bug: https://bugzilla.samba.org/show_bug.cgi?id=12409
This commit is contained in:
parent
0bb3490329
commit
ce9e4a3501
@ -56,7 +56,16 @@ _PUBLIC_ enum ndr_err_code ndr_pull_dnsp_name(struct ndr_pull *ndr, int ndr_flag
|
||||
uint8_t sublen, newlen;
|
||||
NDR_CHECK(ndr_pull_uint8(ndr, ndr_flags, &sublen));
|
||||
newlen = total_len + sublen;
|
||||
if (newlen < total_len) {
|
||||
return ndr_pull_error(ndr, NDR_ERR_RANGE,
|
||||
"Failed to pull dnsp_name");
|
||||
}
|
||||
if (i != count-1) {
|
||||
if (newlen == UINT8_MAX) {
|
||||
return ndr_pull_error(
|
||||
ndr, NDR_ERR_RANGE,
|
||||
"Failed to pull dnsp_name");
|
||||
}
|
||||
newlen++; /* for the '.' */
|
||||
}
|
||||
ret = talloc_realloc(ndr->current_mem_ctx, ret, char, newlen);
|
||||
|
Loading…
Reference in New Issue
Block a user