From: Ralph Boehme Date: Wed, 7 Aug 2019 12:02:12 +0000 (+0200) Subject: s3:mdssvc: fix unmarshalling of empty CNID array X-Git-Tag: tdb-1.4.2~215 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b34fd5b9978904ef0b316ba11564691fdac5316c;p=thirdparty%2Fsamba.git s3:mdssvc: fix unmarshalling of empty CNID array len=0 is invalid, len=8 is an empty array, len>8 is an array with members, so for the len=8 case we must add the empty cnid array. Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison --- diff --git a/selftest/knownfail.d/samba4.local.mdspkt b/selftest/knownfail.d/samba4.local.mdspkt deleted file mode 100644 index fcfc083cd15..00000000000 --- a/selftest/knownfail.d/samba4.local.mdspkt +++ /dev/null @@ -1 +0,0 @@ -^samba4.local.mdspkt.empty_cnid_fm\(none\) diff --git a/source3/rpc_server/mdssvc/marshalling.c b/source3/rpc_server/mdssvc/marshalling.c index 8fa7f173228..1aa750413cd 100644 --- a/source3/rpc_server/mdssvc/marshalling.c +++ b/source3/rpc_server/mdssvc/marshalling.c @@ -847,12 +847,17 @@ static int sl_unpack_CNID(DALLOC_CTX *query, return -1; } - if (length <= 16) { + if (length < 8) { + return -1; + } + if (length == 8) { /* - * That's permitted, iirc length = 16 is an empty - * array, so anything lesser then 16 should probably - * be treated as an error, but I'm not quite sure. + * That's permitted, length=8 is an empty CNID array. */ + result = dalloc_add(query, cnids, sl_cnids_t); + if (result != 0) { + return -1; + } return 0; }
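Review bot: In the marshalling.c hunk (sl_unpack_CNID), lengths 9 through 16 used to hit the early `return 0` under `if (length <= 16)` and now fall through to the parsing code that follows this hunk. That code is not visible here, so please confirm it validates `length` against the data actually remaining in the buffer and rejects a length that does not cover a complete array member, since these values come from the wire and previously never reached it. Two smaller points: the commit message only calls len=0 invalid, while `if (length < 8)` also rejects 1 through 7, so the new comment could say that anything below 8 is treated as malformed; and the literal 8 now appears in both checks, so a named constant for that minimum size would keep the two comparisons in sync.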