The Samba-Bugzilla – Bug 12705
Incorrect memory handling in server_id_db_lookup
Last modified: 2017-08-03 04:58:45 UTC
Created attachment 13099
initial patch as sent to the mailing list (needs bug ids and other fixes)
Due to a cast in server_id_db_lookup(), strv_count() will walk off the end of a zero-length talloc pointer in search of the terminating NULL.
The patch as sent to the mailing list at https://lists.samba.org/archive/samba-technical/2017-March/119461.html is included for context.
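Added example, not part of the bug report and not Samba's strv code or the committed fix: a counter for NUL-separated strings packed into one buffer that takes the buffer length explicitly, so a zero-length buffer is reported as empty instead of being scanned for a terminator it does not contain. The name `packed_count` and the sample entries are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Count the NUL-terminated strings stored back to back in buf[0..len).
 * Returns the number of strings, or -1 when the final string has no
 * terminator inside the buffer. A zero-length buffer is a valid empty
 * vector and buf is never dereferenced in that case.
 */
long packed_count(const char *buf, size_t len)
{
    long count = 0;
    size_t off = 0;

    while (off < len) {
        /* Bounded search: never looks past the end of the buffer. */
        const char *nul = memchr(buf + off, '\0', len - off);
        if (nul == NULL) {
            return -1;              /* unterminated tail: reject */
        }
        off = (size_t)(nul - buf) + 1;
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed sample data: two entries, 14 bytes including final NUL. */
    static const char two[] = "smbd\0winbindd";

    printf("well-formed:  %ld\n", packed_count(two, sizeof(two)));
    printf("truncated:    %ld\n", packed_count(two, sizeof(two) - 1));
    printf("zero-length:  %ld\n", packed_count(NULL, 0));
    return 0;
}
```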
Fixed by e92a20781ca45b8696397cdef424fe8b92bee66b in master for Samba 4.7
Created attachment 13445
patch cherry-picked from master for 4.6
This may be helpful to backport, so I have done the cherry-pick.
I had to manually handle the conflicts in the knownfail.