CVE-2023-34968: mdscli: remove response blob allocation

This is handled by the NDR code transparently.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

diff --git a/source3/rpc_client/cli_mdssvc.c b/source3/rpc_client/cli_mdssvc.c
index 82d14372fe45938accad71842fb9cfe38a280ce2..07c19b51dd492937e9b069af9aaff8f45298bde0 100644 (file)
--- a/source3/rpc_client/cli_mdssvc.c
+++ b/source3/rpc_client/cli_mdssvc.c
@@ -276,15 +276,6 @@ struct tevent_req *mdscli_search_send(TALLOC_CTX *mem_ctx,
                return tevent_req_post(req, ev);
        }
 
-       state->response_blob.spotlight_blob = talloc_array(
-               state,
-               uint8_t,
-               mdscli_ctx->max_fragment_size);
-       if (tevent_req_nomem(state->response_blob.spotlight_blob, req)) {
-               return tevent_req_post(req, ev);
-       }
-       state->response_blob.size = mdscli_ctx->max_fragment_size;
-
        subreq = dcerpc_mdssvc_cmd_send(state,
                                        ev,
                                        mdscli_ctx->bh,
@@ -457,15 +448,6 @@ struct tevent_req *mdscli_get_results_send(
                return tevent_req_post(req, ev);
        }
 
-       state->response_blob.spotlight_blob = talloc_array(
-               state,
-               uint8_t,
-               mdscli_ctx->max_fragment_size);
-       if (tevent_req_nomem(state->response_blob.spotlight_blob, req)) {
-               return tevent_req_post(req, ev);
-       }
-       state->response_blob.size = mdscli_ctx->max_fragment_size;
-
        subreq = dcerpc_mdssvc_cmd_send(state,
                                        ev,
                                        mdscli_ctx->bh,
@@ -681,15 +663,6 @@ struct tevent_req *mdscli_get_path_send(TALLOC_CTX *mem_ctx,
                return tevent_req_post(req, ev);
        }
 
-       state->response_blob.spotlight_blob = talloc_array(
-               state,
-               uint8_t,
-               mdscli_ctx->max_fragment_size);
-       if (tevent_req_nomem(state->response_blob.spotlight_blob, req)) {
-               return tevent_req_post(req, ev);
-       }
-       state->response_blob.size = mdscli_ctx->max_fragment_size;
-
        subreq = dcerpc_mdssvc_cmd_send(state,
                                        ev,
                                        mdscli_ctx->bh,
@@ -852,15 +825,6 @@ struct tevent_req *mdscli_close_search_send(TALLOC_CTX *mem_ctx,
                return tevent_req_post(req, ev);
        }
 
-       state->response_blob.spotlight_blob = talloc_array(
-               state,
-               uint8_t,
-               mdscli_ctx->max_fragment_size);
-       if (tevent_req_nomem(state->response_blob.spotlight_blob, req)) {
-               return tevent_req_post(req, ev);
-       }
-       state->response_blob.size = mdscli_ctx->max_fragment_size;
-
        subreq = dcerpc_mdssvc_cmd_send(state,
                                        ev,
                                        mdscli_ctx->bh,