From: Andreas Schneider
Date: Thu, 22 Nov 2018 12:57:18 +0000 (+0100)
Subject: s3:lib: Fix undefined behavior in messages_dgm
X-Git-Tag: tdb-1.3.17~668
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=502f56c1ce0077cf31b64831ae787cf91ffc4ab1;p=thirdparty%2Fsamba.git
s3:lib: Fix undefined behavior in messages_dgm
source3/lib/messages_dgm.c:1290:7: runtime error: variable length array bound evaluates to non-positive value 0
Signed-off-by: Andreas Schneider
Reviewed-by: Gary Lockyer
---
diff --git a/source3/lib/messages_dgm.c b/source3/lib/messages_dgm.c
index daaad9619e0..af12be8d82e 100644
--- a/source3/lib/messages_dgm.c
+++ b/source3/lib/messages_dgm.c
@@ -1249,6 +1249,7 @@ static void messaging_dgm_read_handler(struct tevent_context *ev,
 size_t msgbufsize = msghdr_prep_recv_fds(NULL, NULL, 0, INT8_MAX);
 uint8_t msgbuf[msgbufsize];
 uint8_t buf[MESSAGING_DGM_FRAGMENT_LENGTH];
+ size_t num_fds;
 messaging_dgm_validate(ctx);
@@ -1284,8 +1285,12 @@ static void messaging_dgm_read_handler(struct tevent_context *ev,
 return;
 }
- {
- size_t num_fds = msghdr_extract_fds(&msg, NULL, 0);
+ num_fds = msghdr_extract_fds(&msg, NULL, 0);
+ if (num_fds == 0) {
+ int fds[1];
+
+ messaging_dgm_recv(ctx, ev, buf, received, fds, 0);
+ } else {
 size_t i;
 int fds[num_fds];
@@ -1303,7 +1308,6 @@ static void messaging_dgm_read_handler(struct tevent_context *ev,
 messaging_dgm_recv(ctx, ev, buf, received, fds, num_fds);
 }
-
 }
 static int messaging_dgm_in_msg_destructor(struct messaging_dgm_in_msg *m)
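Review bot: The else branch of the second hunk still declares `int fds[num_fds]` with a length taken from the received message, so the stack allocation depends on input and the zero case needs a separate branch with an uninitialised `int fds[1]`. The receive buffer at the top of the function is prepared for INT8_MAX descriptors, which suggests (not verifiable from this diff) that the count cannot exceed that. If so, a fixed `int fds[INT8_MAX];` plus an explicit check of num_fds against that limit before extraction would make the bound visible and let both branches collapse into a single messaging_dgm_recv call. If the two-branch form is kept, a comment on the dummy array such as `/* VLA bound must be > 0; fds is not read when the count is 0 */` would record why it exists, assuming messaging_dgm_recv does not touch fds for a zero count. messaging_dgm_read_handler starts before this hunk and continues past it.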