From: Gary Lockyer <gary@catalyst.net.nz>
Date: Mon, 18 Feb 2019 21:25:24 +0000 (+1300)
Subject: CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero
X-Git-Tag: ldb-1.2.4~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e71cdbe57b5c86e597f1c007c07c66df652038c5;p=thirdparty%2Fsamba.git

CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero

Initialise the created ldb_parse_tree with talloc_zero, this ensures
that it is correctly initialised if inadvertently passed to a function
expecting a different operation type.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
---

diff --git a/lib/ldb/common/ldb_parse.c b/lib/ldb/common/ldb_parse.c
index 5fa5a74afa9..db420091311 100644
--- a/lib/ldb/common/ldb_parse.c
+++ b/lib/ldb/common/ldb_parse.c
@@ -389,7 +389,7 @@ static struct ldb_parse_tree *ldb_parse_simple(TALLOC_CTX *mem_ctx, const char *
 	struct ldb_parse_tree *ret;
 	enum ldb_parse_op filtertype;
 
-	ret = talloc(mem_ctx, struct ldb_parse_tree);
+	ret = talloc_zero(mem_ctx, struct ldb_parse_tree);
 	if (!ret) {
 		errno = ENOMEM;
 		return NULL;