1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
samba-mirror/libcli
Joseph Sutton edad945339 librpc/nbt: Avoid reading invalid member of union
WACK packets use the ‘data’ member of the ‘nbt_rdata’ union, but they
claim to be a different type — NBT_QTYPE_NETBIOS — than would normally
be used with that union member. This means that if rr_type is equal to
NBT_QTYPE_NETBIOS, ndr_push_nbt_res_rec() has to guess which type the
structure really is by examining the data member. However, if the
structure is actually of a different type, that union member will not be
valid and accessing it will invoke undefined behaviour.

To fix this, eliminate all the guesswork and introduce a new type,
NBT_QTYPE_WACK, which can never appear on the wire, and which indicates
that although the ‘data’ union member should be used, the wire type is
actually NBT_QTYPE_NETBIOS.

This means that as far as NDR is concerned, the ‘netbios’ member of the
‘nbt_rdata’ union will consistently be used for all NBT_QTYPE_NETBIOS
structures; we shall no longer access the wrong member of the union.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38480

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15019

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Jul  7 01:14:06 UTC 2023 on atb-devel-224
2023-07-07 01:14:06 +00:00
..
auth Remove rudundent check and fallback for AES CFB8 as we now require GnuTLS 3.6.13 2023-06-30 14:00:38 +00:00
cldap libcli: Don’t call memcpy() with a NULL pointer 2023-05-29 22:32:28 +00:00
dns libcli/dns: Fix TCP fallback 2022-01-20 18:01:41 +00:00
drsuapi libcli:drsuapi: Fix code spelling 2023-04-27 14:25:38 +00:00
echo s4: torture: Change torture_register_suite() to add a TALLOC_CTX *. 2017-05-05 15:52:11 +02:00
http lib/http: Remove unused structure 2023-05-05 02:54:31 +00:00
ldap libcli:ldap: Fix code spelling 2023-04-27 14:25:38 +00:00
lsarpc libcli/lsarpc: add struct trustAuthInOutBlob; forward declaration 2014-04-02 09:03:42 +02:00
named_pipe_auth rpc: Remove named_pipe_auth_req_info6->need_idle_server 2023-05-16 10:53:40 +00:00
nbt librpc/nbt: Avoid reading invalid member of union 2023-07-07 01:14:06 +00:00
netlogon libcli: Covscan: unchecked return value for file_save() 2022-05-14 03:49:32 +00:00
registry build: Make util_reg subsystem in libcli/registry a library 2011-05-18 16:12:08 +02:00
samsync smbdes: convert sam_rid_crypt() to use gnutls 2019-12-10 00:30:30 +00:00
security libcli: Simplify security_token_is_sid() 2023-06-16 16:14:30 +00:00
smb libcli/smb: Remove unused fallback case for ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_GCM 2023-07-04 07:42:35 +00:00
smbreadline libcli:smbreadline: Fix code spelling 2023-06-23 13:44:31 +00:00
util s4/scripting/bin: Add NT_STATUS_OK to list of definitions 2023-06-14 22:57:35 +00:00