mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
samba-mirror/source3/rpc_client
Andreas Schneider dd896862d0 s3:rpc_client: Check for array size instead of UINT16_MAX
mdscli_ctx->mdscmd_open.share_path is an array of size 1025. The
boundary is 1025 and not UINT16_MAX.

"Error: OVERRUN (CWE-119):
samba-4.20.0rc2/source3/rpc_client/cli_mdssvc.c:127: cond_at_least: Checking ""share_path_len < 1UL"" implies that ""share_path_len"" is at least 1 on the false branch.
samba-4.20.0rc2/source3/rpc_client/cli_mdssvc.c:127: cond_between: Checking ""share_path_len > 65535UL"" implies that ""share_path_len"" is between 1 and 65535 (inclusive) on the false branch.
samba-4.20.0rc2/source3/rpc_client/cli_mdssvc.c:133: overrun-local: Overrunning array ""mdscli_ctx->mdscmd_open.share_path"" of 1025 bytes at byte offset 65534 using index ""share_path_len - 1UL"" (which evaluates to 65534).
  131|   	mdscli_ctx->mdscmd_open.share_path_len = share_path_len;
  132|
  133|-> 	if (mdscli_ctx->mdscmd_open.share_path[share_path_len-1] == '/') {
  134|   		mdscli_ctx->mdscmd_open.share_path[share_path_len-1] = '\0';
  135|   		mdscli_ctx->mdscmd_open.share_path_len--;"

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2024-06-28 11:39:33 +00:00
cli_lsarpc.c s3:rpc_client: Remove unused rpccli_lsa_open_policy2() 2023-11-21 12:21:18 +00:00
cli_lsarpc.h s3:rpc_client: Remove unused rpccli_lsa_open_policy2() 2023-11-21 12:21:18 +00:00
cli_mdssvc_private.h CVE-2023-34968: mdscli: return share relative paths 2023-07-21 12:05:35 +00:00
cli_mdssvc_util.c CVE-2023-34968: mdscli: return share relative paths 2023-07-21 12:05:35 +00:00
cli_mdssvc_util.h CVE-2023-34968: mdscli: return share relative paths 2023-07-21 12:05:35 +00:00
cli_mdssvc.c s3:rpc_client: Check for array size instead of UINT16_MAX 2024-06-28 11:39:33 +00:00
cli_mdssvc.h
cli_netlogon.c
cli_netlogon.h
cli_pipe_schannel.c
cli_pipe.c s3:rpc_client: implement bind time feature negotiation 2024-04-23 17:29:55 +00:00
cli_pipe.h
cli_samr.c
cli_samr.h
cli_spoolss.c s3:rpc_client: Fix code spelling 2023-09-11 02:42:41 +00:00
cli_spoolss.h
cli_winreg_int.c
cli_winreg_int.h
cli_winreg_spoolss.c
cli_winreg_spoolss.h
cli_winreg.c
cli_winreg.h
init_lsa.c s3:rpc_client: Implement rpc_lsa_encrypt_trustdom_info_aes() 2024-04-09 22:52:38 +00:00
init_lsa.h s3:rpc_client: Implement rpc_lsa_encrypt_trustdom_info_aes() 2024-04-09 22:52:38 +00:00
init_samr.c
init_samr.h
init_spoolss.c
init_spoolss.h
local_np.c librpc: Fix error path cleanups in start_rpc_host_send() 2023-11-07 12:46:37 +00:00
local_np.h
py_mdscli.c Use python.h from libreplace 2023-11-20 15:37:33 +00:00
rpc_client.h s3:rpc_client: implement bind time feature negotiation 2024-04-23 17:29:55 +00:00
rpc_transport_np.c s3:rpc_client: Add missing newlines to logging messages 2023-08-08 04:39:38 +00:00
rpc_transport_sock.c
rpc_transport_tstream.c add accessor for tstream_context 2023-10-25 22:23:38 +00:00
rpc_transport.h add accessor for tstream_context 2023-10-25 22:23:38 +00:00
util_netlogon.c
util_netlogon.h
wsp_cli.c s3/rpc_client: Fix array offset check 2024-02-17 17:58:43 +00:00
wsp_cli.h libcli/wsp: Add simple client api for wsp client code. 2023-10-25 22:23:38 +00:00