31 lines
1.1 KiB
Diff
31 lines
1.1 KiB
Diff
From aa38d5314de216597df6233c2aaa4f7680de4dcb Mon Sep 17 00:00:00 2001
|
|
From: Joseph Sutton <josephsutton@catalyst.net.nz>
|
|
Date: Fri, 3 Jun 2022 16:16:31 +1200
|
|
Subject: [PATCH 18/18] CVE-2022-32745 s4/dsdb/util: Correctly copy values into
|
|
message element
|
|
|
|
To use memcpy(), we need to specify the number of bytes to copy, rather
|
|
than the number of ldb_val structures.
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15008
|
|
|
|
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
|
|
---
|
|
source4/dsdb/samdb/ldb_modules/util.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/source4/dsdb/samdb/ldb_modules/util.c b/source4/dsdb/samdb/ldb_modules/util.c
|
|
index af412f55f98..5ccbb1b4360 100644
|
|
--- a/source4/dsdb/samdb/ldb_modules/util.c
|
|
+++ b/source4/dsdb/samdb/ldb_modules/util.c
|
|
@@ -1557,7 +1557,7 @@ int dsdb_get_expected_new_values(TALLOC_CTX *mem_ctx,
|
|
}
|
|
memcpy(v,
|
|
tmp_el->values,
|
|
- tmp_el->num_values);
|
|
+ tmp_el->num_values * sizeof(*v));
|
|
v += tmp_el->num_values;
|
|
}
|
|
}
|
|
--
|
|
2.35.0
|