mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
edad945339
WACK packets use the ‘data’ member of the ‘nbt_rdata’ union, but they claim to be a different type — NBT_QTYPE_NETBIOS — than would normally be used with that union member. This means that if rr_type is equal to NBT_QTYPE_NETBIOS, ndr_push_nbt_res_rec() has to guess which type the structure really is by examining the data member. However, if the structure is actually of a different type, that union member will not be valid and accessing it will invoke undefined behaviour. To fix this, eliminate all the guesswork and introduce a new type, NBT_QTYPE_WACK, which can never appear on the wire, and which indicates that although the ‘data’ union member should be used, the wire type is actually NBT_QTYPE_NETBIOS. This means that as far as NDR is concerned, the ‘netbios’ member of the ‘nbt_rdata’ union will consistently be used for all NBT_QTYPE_NETBIOS structures; we shall no longer access the wrong member of the union. Credit to OSS-Fuzz. REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38480 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15019 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> Autobuild-Date(master): Fri Jul 7 01:14:06 UTC 2023 on atb-devel-224 |
||
|---|---|---|
| .. | ||
| man | ||
| tools | ||
| libnbt.h | ||
| lmhosts.c | ||
| namequery.c | ||
| namerefresh.c | ||
| nameregister.c | ||
| namerelease.c | ||
| nbt_proto.h | ||
| nbtname.c | ||
| nbtsocket.c | ||
| pynbt.c | ||
| wscript_build | ||