From 5ef6e46084bdc0b98e3b3b3c042f6fac707427fb Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Thu, 15 Feb 2018 11:56:06 -0800
Subject: [PATCH] lib: util: Ensure generate_random_machine_password() can't truncate the requested length.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13275
Signed-off-by: Jeremy Allison
---
 lib/util/genrand_util.c | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/lib/util/genrand_util.c b/lib/util/genrand_util.c
index 76b7cd91890..e7a9c3aa582 100644
--- a/lib/util/genrand_util.c
+++ b/lib/util/genrand_util.c
@@ -282,6 +282,7 @@ _PUBLIC_ char *generate_random_machine_password(TALLOC_CTX *mem_ctx, size_t min,
 size_t i;
 bool ok;
 int cmp;
+ bool got_null_value = false;
 if (max > 255) {
 errno = EINVAL;
@@ -326,7 +327,24 @@ _PUBLIC_ char *generate_random_machine_password(TALLOC_CTX *mem_ctx, size_t min,
 * utf8 password we need to fallback to
 * ASCII passwords if "unix charset" is not utf8.
 */
- generate_secret_buffer(state->password_buffer, len * 2);
+ do {
+ generate_secret_buffer(state->password_buffer, len * 2);
+ /*
+ * Ensure the secret buffer doesn't contain an
+ * embedded zero value. This would truncate the
+ * created password string at less than len.
+ */
+ got_null_value = false;
+ for (i = 0; i < len; i++) {
+ size_t idx = i*2;
+ uint16_t c = SVAL(state->password_buffer, idx);
+ if (c == 0) {
+ got_null_value = true;
+ break;
+ }
+ }
+ } while (got_null_value);
+
 for (i = 0; i < len; i++) {
 size_t idx = i*2;
 uint16_t c;
-- 
2.16.1.291.g4437f3f132-goog
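Review bot: The `do { … } while (got_null_value);` loop in the second hunk has no retry bound, so it depends on generate_secret_buffer() always handing back fresh random data; how that helper behaves on failure is not visible here, and if it could ever leave the buffer zeroed this function would spin instead of failing. A small cap on attempts that then takes the function's existing error path would fail closed, and at minimum a comment such as `/* A zero 16-bit unit is rare in random data, so regenerating the whole buffer is expected to be uncommon. */` would record why a full retry is acceptable. The scan also covers only the raw values: the `for` loop that follows reads the same 16-bit units and continues outside the hunk, so the no-truncation guarantee holds only if whatever it does to `c` cannot turn a non-zero unit into zero, which is worth stating in the new comment.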