mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
samba-mirror/source4
Joseph Sutton edad945339 librpc/nbt: Avoid reading invalid member of union
WACK packets use the ‘data’ member of the ‘nbt_rdata’ union, but they
claim to be a different type — NBT_QTYPE_NETBIOS — than would normally
be used with that union member. This means that if rr_type is equal to
NBT_QTYPE_NETBIOS, ndr_push_nbt_res_rec() has to guess which type the
structure really is by examining the data member. However, if the
structure is actually of a different type, that union member will not be
valid and accessing it will invoke undefined behaviour.

To fix this, eliminate all the guesswork and introduce a new type,
NBT_QTYPE_WACK, which can never appear on the wire, and which indicates
that although the ‘data’ union member should be used, the wire type is
actually NBT_QTYPE_NETBIOS.

This means that as far as NDR is concerned, the ‘netbios’ member of the
‘nbt_rdata’ union will consistently be used for all NBT_QTYPE_NETBIOS
structures; we shall no longer access the wrong member of the union.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38480

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15019

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Jul  7 01:14:06 UTC 2023 on atb-devel-224
2023-07-07 01:14:06 +00:00
auth s4:auth: Log authentication policies for NTLM authentication 2023-06-25 23:29:32 +00:00
cldap_server cldap_server: Align integer types 2022-12-12 21:16:33 +00:00
client s4:client: Fix shellcheck errors in test_smbclient.sh 2022-08-22 14:20:36 +00:00
cluster
dns_server dns_update.c: use DBG* macros instead of static log level numbers 2023-06-16 20:28:29 +00:00
dsdb garbage_collect_tombstone.c: use DBG* macros instead of static numeric log levels 2023-07-02 16:50:36 +00:00
echo_server s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
include lib: Remove smb_threads from includes.h 2022-04-26 21:41:29 +00:00
kdc s4:kdc: don't log an error if msDS-AllowedToActOnBehalfOfOtherIdentity is missing 2023-06-27 06:39:08 +00:00
ldap_server auth: Add functionality to log client and server policy information 2023-06-25 23:29:32 +00:00
lib lib: Add a few required #includes 2023-06-16 16:14:30 +00:00
libcli s3-librpc: add ads.idl and convert ads_struct to talloc. 2022-12-16 20:38:32 +00:00
libnet crypto: Rely on GnuTLS 3.6.13 and gnutls_pbkdf2() 2023-06-30 14:00:38 +00:00
librpc netlogon:schannel: Fix NULL pointer dereference 2023-05-18 01:03:37 +00:00
nbt_server librpc/nbt: Avoid reading invalid member of union 2023-07-07 01:14:06 +00:00
ntp_signd s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
ntvfs s4:ntvfs:posix: avoid parsing empty blob in posix_eadb_add_list() 2023-05-09 01:59:32 +00:00
param python: whitespace fixes 2022-10-03 20:03:32 +00:00
rpc_server crypto: Rely on GnuTLS 3.6.13 and gnutls_pbkdf2() 2023-06-30 14:00:38 +00:00
samba s4-server: Call dsdb_check_and_update_fl() during startup transaction. 2023-06-14 22:57:34 +00:00
script s4:script: Fix shellcheck errors in find_unused_options.sh 2022-08-22 14:20:36 +00:00
scripting s4/scripting/bin: Add NT_STATUS_OK to list of definitions 2023-06-14 22:57:35 +00:00
selftest crypto: Rely on GnuTLS 3.6.13 and gnutls_pbkdf2() 2023-06-30 14:00:38 +00:00
setup CVE-2023-0614 ldb: Prevent disclosure of confidential attributes 2023-04-05 02:10:35 +00:00
smb_server auth: Add functionality to log client and server policy information 2023-06-25 23:29:32 +00:00
torture torture4: Fix an error message 2023-07-03 19:40:35 +00:00
utils s4:utils: Fix shellcheck errors in test_samba_tool.sh 2022-08-22 20:35:36 +00:00
winbind CVE-2022-32746 ldb: Make use of functions for appending to an ldb_message 2022-07-27 10:52:36 +00:00
wrepl_server s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
.clang_complete
.valgrind_suppressions
wscript_build s4:client: Migrate cifsdd to new cmdline option parser 2021-06-16 00:34:38 +00:00