From b8628cb44766ac4c4817b1a50f09ca316425bd8b Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 5 May 2020 12:54:59 +1200
Subject: [PATCH 01/22] CVE-2020-10730: vlv: Use strcmp(), not strncmp()
checking the NULL terminated control OIDs
The end result is the same, as sizeof() includes the trailing NUL, but this
avoids having to think about that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
---
source4/dsdb/samdb/ldb_modules/vlv_pagination.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/source4/dsdb/samdb/ldb_modules/vlv_pagination.c b/source4/dsdb/samdb/ldb_modules/vlv_pagination.c
index 980177cb05e..31e64b4bd78 100644
--- a/source4/dsdb/samdb/ldb_modules/vlv_pagination.c
+++ b/source4/dsdb/samdb/ldb_modules/vlv_pagination.c
@@ -682,8 +682,8 @@ vlv_copy_down_controls(TALLOC_CTX *mem_ctx, struct ldb_control **controls)
if (control->oid == NULL) {
break;
}
- if (strncmp(control->oid, LDB_CONTROL_VLV_REQ_OID, sizeof(LDB_CONTROL_VLV_REQ_OID)) == 0 ||
- strncmp(control->oid, LDB_CONTROL_SERVER_SORT_OID, sizeof(LDB_CONTROL_SERVER_SORT_OID)) == 0) {
+ if (strcmp(control->oid, LDB_CONTROL_VLV_REQ_OID) == 0 ||
+ strcmp(control->oid, LDB_CONTROL_SERVER_SORT_OID) == 0) {
continue;
}
new_controls[j] = talloc_steal(new_controls, control);
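Review bot: The retained-control path right after the changed condition, `new_controls[j] = talloc_steal(new_controls, control);`, reparents each kept control onto the new array, and nothing in the hunk documents who owns it afterwards. If `control` comes from the caller's `controls` array, as the signature suggests, that array keeps pointers whose lifetime now follows `new_controls`, so any later walk or free of the original list needs care. A comment on that line such as `/* ownership moves to new_controls; the request's controls array must not be used after new_controls is freed */` would state the contract, unless a later patch in this 22-part series changes the line. The switch to strcmp() reads no further into `control->oid` than the bounded strncmp() did, because comparison against the literal stops at its terminator. The body of vlv_copy_down_controls starts and ends outside the hunk.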
--
2.17.1