1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
samba-mirror/source4/dsdb
Gary Lockyer 13658324a3 CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone
ldb_msg_add_empty reallocates the underlying element array, leaving
old_el pointing to freed memory.

This patch takes two defensive copies of the ldb message, and performs
the updates on them rather than the ldb messages in the result.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14050

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Tue Jan 21 11:38:38 UTC 2020 on sn-devel-184
2020-01-21 11:38:38 +00:00
..
common dsdb: Use write_data() to write to the password check script 2020-01-19 18:29:39 +00:00
dns s4-dns: Deprecate BIND9_FLATFILE and remove "rndc command" 2019-08-22 21:24:00 +00:00
kcc CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone 2020-01-21 11:38:38 +00:00
repl messaging4: Pass fds to messaging handlers 2019-09-18 20:10:24 +00:00
samdb repl_meta_data: Only reset replMetaData entry for name if we made a conflict name here 2020-01-21 10:11:39 +00:00
schema source4/dsdb/schema/schema_description.c: typo fixes 2019-10-31 00:43:37 +00:00
tests/python CVE-2019-14847 dsdb: Demonstrate the correct interaction of ranged_results style attributes and dirsync 2019-10-31 22:07:40 +00:00
pydsdb.c s4/py_dsdb: avoid NULL deref in set_domain_sid() 2019-07-22 22:20:25 +00:00
samdb.pc.in
wscript_build build: Remove bld.gen_python_environments() 2019-03-21 04:06:14 +00:00