samba/0006-CVE-2020-14383-s4-dns-do-not-crash-when-additional-d.patch
Mikhail Novosyolov fbf706aaa1 Backport fixes of CVE-2020-14318, CVE-2020-14323 and CVE-2020-14383
(samba 4.10 is now not supported by upstream)
2020-11-01 22:46:34 +03:00

From 6c480f368659f640d7f35eb2fee6e5d58f80a26f Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Fri, 21 Aug 2020 17:23:17 +1200
Subject: [PATCH 6/6] CVE-2020-14383: s4/dns: do not crash when additional data
not found
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Found by Francis Brosnan Blázquez <francis@aspl.es>.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14472
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12795
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Mon Aug 24 00:21:41 UTC 2020 on sn-devel-184
(based on commit df98e7db04c901259dd089e20cd557bdbdeaf379)
Signed-off-by: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
---
source4/rpc_server/dnsserver/dcerpc_dnsserver.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
index 80cd1c59d01..618c70968a1 100644
--- a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
+++ b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
@@ -1854,8 +1854,8 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
/* Add any additional records */
if (select_flag & DNS_RPC_VIEW_ADDITIONAL_DATA) {
for (i=0; i<add_count; i++) {
- struct dnsserver_zone *z2;
-
+ struct dnsserver_zone *z2 = NULL;
+ struct ldb_message *msg = NULL;
/* Search all the available zones for additional name */
for (z2 = dsstate->zones; z2; z2 = z2->next) {
char *encoded_name;
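Review bot: The blank line that used to separate the declarations from the first statement is dropped here, so the new msg declaration now runs straight into the "Search all the available zones" comment; keep one empty line after the declarations. The "= NULL" on z2 has no effect, because the for loop right below assigns z2 from dsstate->zones before any read. The initialiser that matters is the one on msg, and a short comment saying that msg stays NULL when no zone has a match would make the intent explicit.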
@@ -1872,6 +1872,7 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
continue;
}
if (res->count == 1) {
+ msg = res->msgs[0];
break;
} else {
TALLOC_FREE(res);
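Review bot: msg is a borrowed pointer into res (it is taken from res->msgs[0] just before the break), so it is only valid for as long as res has not been freed. That holds in the visible lines, since the else branch frees res without touching msg and the later hunk frees res only after the call that consumes msg, but nothing documents it. A one-line comment at the assignment noting that msg aliases res and must not outlive it would protect against a later reordering of the TALLOC_FREE calls.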
@@ -1887,7 +1888,7 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
}
status = dns_fill_records_array(tmp_ctx, NULL, DNS_TYPE_A,
select_flag, rname,
- res->msgs[0], 0, recs,
+ msg, 0, recs,
NULL, NULL);
TALLOC_FREE(rname);
TALLOC_FREE(res);
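Review bot: At the dns_fill_records_array call, msg is still NULL whenever no zone returned exactly one match, so the fix depends on that function accepting a NULL message, which cannot be confirmed from the lines shown in this patch. Either skip the call explicitly when msg is NULL, or add a comment at the call site stating that a NULL message is a supported input and results in no records being added. A regression test that requests additional data for a name that exists in no zone would pin the behaviour down.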
--
2.25.1