author | Andrew Tridgell <tridge@samba.org> | 2011-08-09 16:50:51 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-08-09 11:56:23 +0200 |
commit | 6853b3a805938ca6fdc69a35d9fdcefb1338101f (patch) | |
tree | 3a63afe33d7d1eebc012bbc8572db0901bdaa79b /source4 | |
parent | cba88a2b623e47cf97885bd45387049da1105930 (diff) | |
s4-dsdb: fixed booling conversion to check value length
this ensures we don't look past the end of the data
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4')
-rw-r--r-- | source4/dsdb/schema/schema_syntax.c | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/source4/dsdb/schema/schema_syntax.c b/source4/dsdb/schema/schema_syntax.c
index 501ab3aded..e875bee924 100644
--- a/source4/dsdb/schema/schema_syntax.c
+++ b/source4/dsdb/schema/schema_syntax.c
@@ -229,9 +229,11 @@ static WERROR dsdb_syntax_BOOL_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
 blobs[i] = data_blob_talloc(blobs, NULL, 4);
 W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
- if (strcmp("TRUE", (const char *)in->values[i].data) == 0) {
+ if (in->values[i].length >= 4 &&
+ strncmp("TRUE", (const char *)in->values[i].data, in->values[i].length) == 0) {
 SIVAL(blobs[i].data, 0, 0x00000001);
- } else if (strcmp("FALSE", (const char *)in->values[i].data) == 0) {
+ } else if (in->values[i].length >= 5 &&
+ strncmp("FALSE", (const char *)in->values[i].data, in->values[i].length) == 0) {
 SIVAL(blobs[i].data, 0, 0x00000000);
 } else {
 return WERR_FOOBAR;
@@ -252,22 +254,23 @@ static WERROR dsdb_syntax_BOOL_validate_ldb(const struct dsdb_syntax_ctx *ctx,
 }
 for (i=0; i < in->num_values; i++) {
- int t, f;
-
 if (in->values[i].length == 0) {
 return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
 }
- t = strncmp("TRUE",
+ if (in->values[i].length >= 4 &&
+ strncmp("TRUE",
 (const char *)in->values[i].data,
- in->values[i].length);
- f = strncmp("FALSE",
+ in->values[i].length) == 0) {
+ continue;
+ }
+ if (in->values[i].length >= 5 &&
+ strncmp("FALSE",
 (const char *)in->values[i].data,
- in->values[i].length);
-
- if (t != 0 && f != 0) {
- return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+ in->values[i].length) == 0) {
+ continue;
 }
+ return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
 }
 return WERR_OK; |
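Review bot: The new guards in dsdb_syntax_BOOL_ldb_to_drsuapi bound the read, but `length >= 4` combined with `strncmp("TRUE", ..., length)` still matches any longer value that begins with `TRUE` followed by a NUL byte and arbitrary trailing bytes, because strncmp stops at the literal's terminator. If only the exact strings are meant to be valid, an exact-length comparison is tighter and never depends on a terminator: `if (in->values[i].length == 4 && memcmp(in->values[i].data, "TRUE", 4) == 0) {`, and likewise `length == 5` with `"FALSE"`. The same pattern is added in the second hunk (dsdb_syntax_BOOL_validate_ldb), where it decides what validation accepts. Both function bodies start and end outside the hunks.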
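Review bot: In dsdb_syntax_BOOL_validate_ldb the retained `if (in->values[i].length == 0)` check is now redundant, since an empty value fails both the `>= 4` and `>= 5` guards and reaches the same `return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;` at the bottom of the loop. Either drop it or keep it with a short comment such as `/* explicit: empty values are never a valid BOOL */` so the next reader does not take it for a separate case. The TRUE/FALSE test is now written out twice in this file with slightly different layout; a small static helper shared by both functions would keep the two from drifting apart. The loop's enclosing function begins outside the hunk.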