From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Fri, 6 Oct 2023 00:54:02 +0000 (+1300)
Subject: tdb: Do not pass non–null‐terminated strings to strcmp() (CID 1449485)
X-Git-Tag: tevent-0.16.0~75
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=757cd49b8445f22c2c19380e948e7aba5a76399a;p=thirdparty%2Fsamba.git

tdb: Do not pass non–null‐terminated strings to strcmp() (CID 1449485)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/lib/tdb/common/open.c b/lib/tdb/common/open.c
index 10233591dad..3fa7ce1389d 100644
--- a/lib/tdb/common/open.c
+++ b/lib/tdb/common/open.c
@@ -513,7 +513,13 @@ _PUBLIC_ struct tdb_context *tdb_open_ex(const char *name, int hash_size, int td
 
 	errno = 0;
 	if (read(tdb->fd, &header, sizeof(header)) != sizeof(header)
-	    || strcmp(header.magic_food, TDB_MAGIC_FOOD) != 0) {
+	    /*
+	     * Call strncmp() rather than strcmp() in case header.magic_food is
+	     * not zero‐terminated. We’re still checking the full string for
+	     * equality, as tdb_header::magic_food is larger than
+	     * TDB_MAGIC_FOOD.
+	     */
+	    || strncmp(header.magic_food, TDB_MAGIC_FOOD, sizeof(header.magic_food)) != 0) {
 		if (!(open_flags & O_CREAT) ||
 		    tdb_new_database(tdb, &header, hash_size) == -1) {
 			if (errno == 0) {