From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 5 May 2020 00:54:59 +0000 (+1200)
Subject: CVE-2020-10730: vlv: Use strcmp(), not strncmp() checking the NULL terminated control... 
X-Git-Tag: ldb-1.5.8~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3ca77e3edc0ba2c9dd3f2c0394f8c2f799d989b9;p=thirdparty%2Fsamba.git

CVE-2020-10730: vlv: Use strcmp(), not strncmp() checking the NULL terminated control OIDs

The end result is the same, as sizeof() includes the trailing NUL, but this
avoids having to think about that.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14364

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
---

diff --git a/source4/dsdb/samdb/ldb_modules/vlv_pagination.c b/source4/dsdb/samdb/ldb_modules/vlv_pagination.c
index 980177cb05e..31e64b4bd78 100644
--- a/source4/dsdb/samdb/ldb_modules/vlv_pagination.c
+++ b/source4/dsdb/samdb/ldb_modules/vlv_pagination.c
@@ -682,8 +682,8 @@ vlv_copy_down_controls(TALLOC_CTX *mem_ctx, struct ldb_control **controls)
 		if (control->oid == NULL) {
 			break;
 		}
-		if (strncmp(control->oid, LDB_CONTROL_VLV_REQ_OID, sizeof(LDB_CONTROL_VLV_REQ_OID)) == 0 ||
-		    strncmp(control->oid, LDB_CONTROL_SERVER_SORT_OID, sizeof(LDB_CONTROL_SERVER_SORT_OID)) == 0) {
+		if (strcmp(control->oid, LDB_CONTROL_VLV_REQ_OID) == 0 ||
+		    strcmp(control->oid, LDB_CONTROL_SERVER_SORT_OID) == 0) {
 			continue;
 		}
 		new_controls[j] = talloc_steal(new_controls, control);