git.ipfire.org Git - thirdparty/samba.git/commit
CVE-2019-14861: s4-rpc/dnsserver: Avoid crash in ldb_qsort() via dcesrv_DnssrvEnumRec...
author Andrew Bartlett <abartlet@samba.org>
Tue, 29 Oct 2019 01:15:36 +0000 (14:15 +1300)
committer Karolin Seeger <kseeger@samba.org>
Fri, 29 Nov 2019 10:55:44 +0000 (11:55 +0100)
commit 16405fecc403517574915a49de5f4abcaa964e21
tree e526a16ba2395c4291759d7897c7fa58c63df6db
parent 51fa9a6a805e4221120847ee9dcab6796021175a
CVE-2019-14861: s4-rpc/dnsserver: Avoid crash in ldb_qsort() via dcesrv_DnssrvEnumRecords)

dns_name_compare() had logic to put @ and the top record in the tree being
enumerated first, but if a domain had both then this would break the
older qsort() implementation in ldb_qsort() and cause a read of memory
before the base pointer.

By removing this special case (not required as the base pointer
is already separately located, no matter where it is in the
returned records) the crash is avoided.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
source4/rpc_server/dnsserver/dcerpc_dnsserver.c
source4/rpc_server/dnsserver/dnsdata.c
source4/rpc_server/dnsserver/dnsserver.h
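
The ordering inconsistency described in the commit message can be checked mechanically with a small comparator model. This is an added example, not code from the Samba commit: `cmp_special`, `cmp_plain`, `count_violations` and the record names are constructed, and matching the top record by its full name is an assumption.

```c
#include <stdio.h>
#include <strings.h>

typedef int (*name_cmp)(const char *a, const char *b, const char *top);

/* Constructed model of the special case: "@" and the enumerated node's own
 * record always sort first. Illustration only, not Samba's code. */
static int cmp_special(const char *a, const char *b, const char *top)
{
	if (a[0] == '@' || strcasecmp(a, top) == 0) return -1;
	if (b[0] == '@' || strcasecmp(b, top) == 0) return 1;
	return strcasecmp(a, b);
}

/* The same model with the special case removed. */
static int cmp_plain(const char *a, const char *b, const char *top)
{
	(void)top;
	return strcasecmp(a, b);
}

static int sign(int v) { return (v > 0) - (v < 0); }

/* Count distinct pairs where cmp(a,b) is not the opposite sign of cmp(b,a).
 * Any such pair means the comparator gives no total order, which qsort()
 * implementations are allowed to assume. */
static int count_violations(name_cmp cmp, const char **names, size_t n,
			    const char *top)
{
	int bad = 0;
	for (size_t i = 0; i < n; i++)
		for (size_t j = i + 1; j < n; j++)
			if (sign(cmp(names[i], names[j], top)) !=
			    -sign(cmp(names[j], names[i], top)))
				bad++;
	return bad;
}

/* Constructed record names; "example.com" stands in for the enumerated node. */
static const char *both[] = { "@", "example.com", "www", "mail" };
static const char *only_at[] = { "@", "www", "mail" };

int main(void)
{
	printf("special, both present: %d\n", count_violations(cmp_special, both, 4, "example.com"));
	printf("special, only @:       %d\n", count_violations(cmp_special, only_at, 3, "example.com"));
	printf("plain, both present:   %d\n", count_violations(cmp_plain, both, 4, "example.com"));
	return 0;
}
```

A pairwise check like this fits in a unit test for any comparator handed to a sort routine, since the inconsistency only appears when both special records are present in the same input.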