From: Pavel Filipenský Date: Fri, 4 Oct 2024 08:31:03 +0000 (+0200) Subject: s3:g_lock: Do not let pointers to point outside the input buffer X-Git-Tag: tdb-1.4.13~1015 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c75b08c0d6417792aba0027b67a29eda43f6b00d;p=thirdparty%2Fsamba.git s3:g_lock: Do not let pointers to point outside the input buffer If num_shared == 0 the shared points at the address outside the buf. Make it NULL instead. (gdb) p *lck $33 = { exclusive = { pid = 1187098, task_id = 0, vnn = 4294967295, unique_id = 7349874180613937639 }, num_shared = 0, shared = 0x555555646980 "@kdUUU", unique_lock_epoch = 1489043017590848833, unique_data_epoch = 11232048132975083808, datalen = 0, data = 0x555555646980 "@kdUUU" } Same for datalen & data. Signed-off-by: Pavel Filipenský Reviewed-by: Volker Lendecke Autobuild-User(master): Pavel Filipensky Autobuild-Date(master): Sat Oct 5 14:44:46 UTC 2024 on atb-devel-224
---
diff --git a/source3/lib/g_lock.c b/source3/lib/g_lock.c
index 77b8287273b..28181a9f18a 100644
--- a/source3/lib/g_lock.c
+++ b/source3/lib/g_lock.c
@@ -53,7 +53,7 @@ struct g_lock {
 static bool g_lock_parse(uint8_t *buf, size_t buflen, struct g_lock *lck)
 {
 struct server_id exclusive;
- size_t num_shared, shared_len;
+ size_t num_shared, shared_len, data_len;
 uint64_t unique_lock_epoch;
 uint64_t unique_data_epoch;
@@ -94,15 +94,16 @@ static bool g_lock_parse(uint8_t *buf, size_t buflen, struct g_lock *lck)
 }
 shared_len = num_shared * SERVER_ID_BUF_LENGTH;
+ data_len = buflen - shared_len;
 *lck = (struct g_lock) {
 .exclusive = exclusive,
 .num_shared = num_shared,
- .shared = buf,
+ .shared = num_shared == 0 ? NULL : buf,
 .unique_lock_epoch = unique_lock_epoch,
 .unique_data_epoch = unique_data_epoch,
- .datalen = buflen-shared_len,
- .data = buf+shared_len,
+ .datalen = data_len,
+ .data = data_len == 0 ? NULL : buf + shared_len,
 };
 return true;
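Review bot: The second hunk changes what `shared` and `data` mean for consumers (they are now NULL whenever `num_shared` or `datalen` is 0), but nothing in the hunk records that contract and no call site is visible here. Any consumer that passes `lck->shared` or `lck->data` to a `memcpy()`-style function together with a zero length would now pass NULL, which is undefined behaviour in C even for length 0, so callers should branch on the count rather than on the pointer. I would add above the initializer `/* shared is NULL iff num_shared == 0, data is NULL iff datalen == 0; test the length before touching the pointer */`. The subtraction `data_len = buflen - shared_len` can only be safe if the block closed by the `}` at the top of the hunk bounds `num_shared` against `buflen`; g_lock_parse starts outside this hunk, so that could not be confirmed from here.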