packages/samba
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
samba/CVE-2020-10745-5.patch

55 lines
2.1 KiB
Diff
Raw Blame History

From 507503f80e8913450364dcd8ab080f3211b6f855 Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Sat, 25 Apr 2020 11:10:18 +1200
Subject: [PATCH 16/22] CVE-2020-10745: ndr_dns: do not allow consecutive dots
The empty subdomain component is reserved for the root domain, which we
should only (and always) see at the end of the list. That is, we expect
"example.com.", but never "example..com".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
---
librpc/ndr/ndr_dns_utils.c | 6 ++++++
selftest/knownfail.d/dns_packet | 1 -
selftest/knownfail.d/ndr_dns_nbt | 1 -
3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/librpc/ndr/ndr_dns_utils.c b/librpc/ndr/ndr_dns_utils.c
index 2ce300863bc..6931dac422d 100644
--- a/librpc/ndr/ndr_dns_utils.c
+++ b/librpc/ndr/ndr_dns_utils.c
@@ -58,6 +58,12 @@ enum ndr_err_code ndr_push_dns_string_list(struct ndr_push *ndr,
(unsigned)complen);
}
+ if (complen == 0 && s[complen] == '.') {
+ return ndr_push_error(ndr, NDR_ERR_STRING,
+ "component length is 0 "
+ "(consecutive dots)");
+ }
+
compname = talloc_asprintf(ndr, "%c%*.*s",
(unsigned char)complen,
(unsigned char)complen,
diff --git a/selftest/knownfail.d/dns_packet b/selftest/knownfail.d/dns_packet
index 6e2e5a699de..0662266f689 100644
--- a/selftest/knownfail.d/dns_packet
+++ b/selftest/knownfail.d/dns_packet
@@ -1,2 +1 @@
-samba.tests.dns_packet.samba.tests.dns_packet.TestDnsPackets.test_127_very_dotty_components
samba.tests.dns_packet.samba.tests.dns_packet.TestNbtPackets.test_127_very_dotty_components
diff --git a/selftest/knownfail.d/ndr_dns_nbt b/selftest/knownfail.d/ndr_dns_nbt
index f30217c4033..e11c121b7a7 100644
--- a/selftest/knownfail.d/ndr_dns_nbt
+++ b/selftest/knownfail.d/ndr_dns_nbt
@@ -1,4 +1,3 @@
-librpc.ndr.ndr_dns_nbt.test_ndr_dns_string_all_dots
librpc.ndr.ndr_dns_nbt.test_ndr_dns_string_half_dots
librpc.ndr.ndr_dns_nbt.test_ndr_nbt_string_all_dots
librpc.ndr.ndr_dns_nbt.test_ndr_nbt_string_half_dots
--
2.17.1
Reference in New Issue View Git Blame Copy Permalink