From: Jo Sutton
Date: Thu, 11 Jan 2024 21:43:39 +0000 (+1300)
Subject: s4:dsdb: Avoid buffer overflow in samdb_result_hashes()
X-Git-Tag: tdb-1.4.11~1785
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cf978d3e9fef1db1b5200de500c81d9de7f87572;p=thirdparty%2Fsamba.git

s4:dsdb: Avoid buffer overflow in samdb_result_hashes()

Signed-off-by: Jo Sutton
Reviewed-by: Andrew Bartlett
---

diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index e6e18b15eef..fe63e18c35c 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -558,6 +558,13 @@ unsigned int samdb_result_hashes(TALLOC_CTX *mem_ctx, const struct ldb_message *
 if (!val) {
 return 0;
 }
+ if (val->length % 16 != 0) {
+ /*
+ * The length is wrong. Don’t try to read beyond the end of the
+ * buffer.
+ */
+ return 0;
+ }
 count = val->length / 16;
 if (count == 0) {
 return 0;
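Review bot: The new `val->length % 16 != 0` branch returns 0, which is also what the surrounding context returns for a missing value (`!val`) and for `count == 0`, so a caller cannot tell a malformed hash blob from an absent one. If a caller treats a zero count as "no stored hashes" (none is visible in this hunk), a corrupted attribute would be skipped silently rather than noticed. Because the `unsigned int` return has no room for an error value, I would at least log in that branch, for example `DBG_WARNING("samdb_result_hashes: bad hash blob length %zu\n", val->length);` (assuming `length` is a `size_t`). The literal 16 now appears in both the check and the division below it; a single named constant for the hash size would keep the two in step. The function's body starts and ends outside this hunk, so the code that consumes `count` is not visible here.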