There is a talloc limit of around 256MB which means that we can't send this much data across LDAP (all messages are aggregated on a single context). This would be fine, except that we forgot the error check before using the memory. This means that a database which can return more than 256MB of LDAP encoded data can be made to crash.
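The failure mode described in the opening comment, as an added example that is not part of the original bug report and is not Samba's code: an allocation on a size-limited context returns NULL once the aggregate limit is reached, and the result must be checked before it is written to. `limited_ctx`, `ctx_grow`, `append_reply` and `fill_until_refused` are hypothetical names, and a small byte cap stands in for the talloc limit.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a memory context with an aggregate limit
 * (the report's talloc limit is around 256MB; callers pick a small cap). */
struct limited_ctx {
    size_t limit;   /* maximum total bytes allowed on this context */
    size_t used;    /* bytes currently aggregated */
    uint8_t *buf;   /* all queued reply data lives here */
};

/* Grow the aggregate buffer by `extra` bytes. Returns a pointer to the new
 * region, or NULL if the limit would be exceeded or the allocator fails.
 * On failure the context is left unchanged. */
static uint8_t *ctx_grow(struct limited_ctx *ctx, size_t extra)
{
    if (extra > ctx->limit - ctx->used) {   /* overflow-safe limit check */
        return NULL;
    }
    uint8_t *p = realloc(ctx->buf, ctx->used + extra);
    if (p == NULL) {
        return NULL;
    }
    ctx->buf = p;
    return p + ctx->used;
}

/* Append one encoded message. The NULL check is the kind of error check the
 * report says was forgotten; without it memcpy would write through NULL. */
int append_reply(struct limited_ctx *ctx, const uint8_t *msg, size_t len)
{
    uint8_t *dst = ctx_grow(ctx, len);
    if (dst == NULL) {
        return -1;   /* caller reports an error instead of crashing */
    }
    memcpy(dst, msg, len);
    ctx->used += len;
    return 0;
}

/* Constructed demo: queue fixed-size messages until the cap refuses one,
 * and return how many were accepted. msg_len must be non-zero. */
size_t fill_until_refused(size_t limit, size_t msg_len)
{
    struct limited_ctx ctx = { limit, 0, NULL };
    uint8_t *msg = calloc(1, msg_len);
    size_t sent = 0;
    if (msg == NULL) return 0;
    while (append_reply(&ctx, msg, msg_len) == 0) sent++;
    free(msg);
    free(ctx.buf);
    return sent;
}
```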
Created attachment 14566: patch for master
Created attachment 14567: security advisory text
Created attachment 14577: patch for master, 4.7, 4.8 and 4.9 with CVE
Created attachment 14596: updated advisory with release versions
Opening bug report for vendors. Planned release date is Tuesday, November 27 2018.
Created attachment 14673: updated advisory with CVE number
Created attachment 14674: updated advisory with CVE number
(In reply to Karolin Seeger from comment #8) I don't see any change here. What was the issue?
The patch applies to Samba 4.5 (and likely most other versions).
(In reply to Andrew Bartlett from comment #10) I can also confirm the patch passes a full autobuild on the Catalyst Cloud against Samba 4.5.16.
Samba 4.9.3, 4.8.7 and 4.7.12 have been shipped to address this defect.
Pushed to autobuild-master.
Pushed to master. Closing out bug report. Thanks!