Bug 13791 - Buffer written beyond limit in CTDB socket code
Summary: Buffer written beyond limit in CTDB socket code
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: CTDB
Version: 4.10.0rc2
Hardware: All All
Importance: P5 regression
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Depends on:
Reported: 2019-02-17 11:13 UTC by Martin Schwenke
Modified: 2019-03-06 08:54 UTC

Patch for 4.10 (7.82 KB, patch)
2019-02-22 04:06 UTC, Martin Schwenke
amitay: review+

Description Martin Schwenke 2019-02-17 11:13:41 UTC
Commit 25ca111abac7f095ad65402316f4091aa51743c5 introduced an overflow of a buffer in CTDB's socket handling code.  The buffer offset is not taken into account when calculating the number of bytes to read from the socket.
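The length calculation described in the report above, as an added example that is not part of the original bug report and is not CTDB's code: a read into a partially filled buffer must be capped at the space left after the offset, not at the full buffer size. The struct `rxbuf`, its 16-byte size and all function names are hypothetical, and the socket data is constructed.

```c
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical reassembly buffer (not CTDB's): data[0..offset) is already filled. */
struct rxbuf { unsigned char data[16]; size_t offset; };

/* Flawed: caps the read at the whole buffer size and ignores offset,
 * so offset + length can run past the end of data[]. */
static size_t read_len_flawed(const struct rxbuf *b, size_t pending)
{
    return pending < sizeof(b->data) ? pending : sizeof(b->data);
}

/* Corrected: only the room left after offset may be written. */
static size_t read_len_fixed(const struct rxbuf *b, size_t pending)
{
    size_t room = b->offset < sizeof(b->data) ? sizeof(b->data) - b->offset : 0;
    return pending < room ? pending : room;
}

/* Append from fd using the corrected length; returns bytes stored, or -1. */
static ssize_t rx_fill(struct rxbuf *b, int fd, size_t pending)
{
    size_t len = read_len_fixed(b, pending);
    if (len == 0) return 0;            /* full: caller must drain or grow */
    ssize_t n = read(fd, b->data + b->offset, len);
    if (n > 0) b->offset += (size_t)n;
    return n;
}

/* Constructed scenario: 12 bytes already buffered, 10 more pending. */
static int demo(size_t *flawed_end, size_t *fixed_end)
{
    int sv[2];
    struct rxbuf b = { .offset = 12 };
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    if (write(sv[1], "0123456789", 10) != 10) return -1;
    *flawed_end = b.offset + read_len_flawed(&b, 10); /* computed only, never written */
    ssize_t n = rx_fill(&b, sv[0], 10);
    *fixed_end = b.offset;
    close(sv[0]); close(sv[1]);
    return n < 0 ? -1 : 0;
}

int main(void)
{
    size_t flawed, fixed;
    if (demo(&flawed, &fixed) != 0) return 1;
    printf("flawed end=%zu fixed end=%zu (buffer is 16 bytes)\n", flawed, fixed);
    return 0;
}
```

The flawed length is only computed here, never used for a write, so the program itself stays within bounds.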
Comment 1 Martin Schwenke 2019-02-20 03:26:59 UTC
Updating version to 4.10rcX.  I thought this was out there already in 4.9.x but it isn't.
Comment 2 Martin Schwenke 2019-02-22 04:06:45 UTC
Created attachment 14861
Patch for 4.10
Comment 3 Amitay Isaacs 2019-02-25 01:21:17 UTC
Hi Karolin,

This is ready for V4-10.
Comment 4 Karolin Seeger 2019-03-04 10:29:50 UTC
(In reply to Amitay Isaacs from comment #3)
Pushed to autobuild-v4-10-test.
Comment 5 Karolin Seeger 2019-03-06 08:54:21 UTC
(In reply to Karolin Seeger from comment #4)
Pushed to v4-10-test.
Closing out bug report.