sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-22 22:04:08 +03:00
Code

CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2

Browse Source 
We still want to return DOES_NOT_EXIST when request_filter is not 0.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Douglas Bagnall 2019-05-22 13:23:25 +12:00 committed by Karolin Seeger
parent 0b9da24753
commit d32b96aeff
2 changed files with 32 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
python/samba/tests/dcerpc/dnsserver.py
View File

@ -732,6 +732,32 @@ class DnsserverTests(RpcInterfaceTestCase):
# We should always encounter a DOES_NOT_EXIST error. # We should always encounter a DOES_NOT_EXIST error.
self.fail() self.fail()
# This test is to confirm that we do not support multizone operations,
# which are designated by a non-zero dwContext value (the 5th argument
# to DnssrvOperation2).
def test_operation2_invalid(self):
client_version = dnsserver.DNS_CLIENT_VERSION_LONGHORN
non_zone = 'a-zone-that-does-not-exist'
typeid = dnsserver.DNSSRV_TYPEID_NAME_AND_PARAM
name_and_param = dnsserver.DNS_RPC_NAME_AND_PARAM()
name_and_param.pszNodeName = 'AllowUpdate'
name_and_param.dwParam = dnsp.DNS_ZONE_UPDATE_SECURE
try:
res = self.conn.DnssrvOperation2(client_version,
0,
self.server,
non_zone,
1,
'ResetDwordProperty',
typeid,
name_and_param)
except WERRORError as e:
if e.args[0] == werror.WERR_DNS_ERROR_ZONE_DOES_NOT_EXIST:
return
# We should always encounter a DOES_NOT_EXIST error.
self.fail()
def test_operation2(self): def test_operation2(self):
client_version = dnsserver.DNS_CLIENT_VERSION_LONGHORN client_version = dnsserver.DNS_CLIENT_VERSION_LONGHORN
rev_zone = '1.168.192.in-addr.arpa' rev_zone = '1.168.192.in-addr.arpa'

7
source4/rpc_server/dnsserver/dcerpc_dnsserver.c
View File

@ -2230,7 +2230,12 @@ static WERROR dcesrv_DnssrvOperation2(struct dcesrv_call_state *dce_call, TALLOC
&r->in.pData); &r->in.pData);
} else { } else {
z = dnsserver_find_zone(dsstate->zones, r->in.pszZone); z = dnsserver_find_zone(dsstate->zones, r->in.pszZone);
if (z == NULL && request_filter == 0) { /*
* In the case that request_filter is not 0 and z is NULL,
* the request is for a multizone operation, which we do not
* yet support, so just error on NULL zone name.
*/
if (z == NULL) {
return WERR_DNS_ERROR_ZONE_DOES_NOT_EXIST; return WERR_DNS_ERROR_ZONE_DOES_NOT_EXIST;
} }