The Samba-Bugzilla – Attachment 14566 Details for
Bug 13674
[SECURITY] CVE-2018-16851 NULL pointer de-reference in Samba AD DC LDAP server
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch for master
patch (text/plain), 1.28 KB, created by
Garming Sam
on 2018-11-05 03:30:59 UTC
(
hide
)
Description:
patch for master
Filename:
MIME Type:
Creator:
Garming Sam
Created:
2018-11-05 03:30:59 UTC
Size:
1.28 KB
patch
obsolete
>From be3bac771206311905eb08041d3cb155e0b82a54 Mon Sep 17 00:00:00 2001 >From: Garming Sam <garming@catalyst.net.nz> >Date: Mon, 5 Nov 2018 16:18:18 +1300 >Subject: [PATCH] ldap_server: Check ret before manipulating blob > >In the case of hitting the talloc ~256MB limit, this causes a crash in >the server. > >Note that you would actually need to load >256MB of data into the LDAP. >Although there is some generated/hidden data which would help you reach that >limit (descriptors and RMD blobs). > >Signed-off-by: Garming Sam <garming@catalyst.net.nz> >--- > source4/ldap_server/ldap_server.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > >diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c >index f6329f0..7838230 100644 >--- a/source4/ldap_server/ldap_server.c >+++ b/source4/ldap_server/ldap_server.c >@@ -690,13 +690,13 @@ static void ldapsrv_call_writev_start(struct ldapsrv_call *call) > ret = data_blob_append(call, &blob, b.data, b.length); > data_blob_free(&b); > >- talloc_set_name_const(blob.data, "Outgoing, encoded LDAP packet"); >- > if (!ret) { > ldapsrv_terminate_connection(conn, "data_blob_append failed"); > return; > } > >+ talloc_set_name_const(blob.data, "Outgoing, encoded LDAP packet"); >+ > DLIST_REMOVE(call->replies, call->replies); > } > >-- >1.9.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 13674
:
14566
|
14567
|
14577
|
14596
|
14673
|
14674