mirror of
https://github.com/samba-team/samba.git
synced 2025-01-11 05:18:09 +03:00
1870e5b46c
A wildcard search is divided into chunks by the asterisks. While most
chunks match the first suitable string, the last chunk matches the
last possible string (unless there is a trailing asterisk, in which
case this distinction is moot).
We always knew this in our hearts, but we tried to do it in a funny
complicated way that stepped through the string, comparing here and
there, leading to CVE-2019-3824 and missed matches (bug 14044).
With this patch, we just jump to the end of the string and compare it.
As well as being correct, this should also improve performance, as the
previous algorithm involved a quadratic loop of erroneous memmem()s.
See https://tools.ietf.org/html/rfc4517
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14044
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
|
||
---|---|---|
.. | ||
addns | ||
afs | ||
async_req | ||
audit_logging | ||
compression | ||
crypto | ||
dbwrap | ||
fuzzing | ||
krb5_wrap | ||
ldb | ||
ldb-samba | ||
messaging | ||
mscat | ||
param | ||
printer_driver | ||
pthreadpool | ||
replace | ||
smbconf | ||
socket | ||
talloc | ||
tdb | ||
tdb_wrap | ||
tdr | ||
tevent | ||
texpect | ||
torture | ||
tsocket | ||
util | ||
README | ||
wscript_build |
compression - Various compression algorithms (MSZIP, lzxpress) popt - Command-line option parsing library replace - Provides replacements for standard (POSIX, C99) functions not provided by the host platform. subunit - Utilities and bindings for working with the Subunit test result reporting protocol. talloc - Hierarchical pool based memory allocator tdb - Simple but fast key/value database library, supporting multiple writers torture - Simple unit testing helper library