summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2011-08-09 16:50:51 +1000
committerAndrew Bartlett <abartlet@samba.org>2011-08-09 11:56:23 +0200
commit6853b3a805938ca6fdc69a35d9fdcefb1338101f (patch)
tree3a63afe33d7d1eebc012bbc8572db0901bdaa79b /source4
parentcba88a2b623e47cf97885bd45387049da1105930 (diff)
downloadsamba-6853b3a805938ca6fdc69a35d9fdcefb1338101f.tar.gz
samba-6853b3a805938ca6fdc69a35d9fdcefb1338101f.tar.bz2
samba-6853b3a805938ca6fdc69a35d9fdcefb1338101f.zip
s4-dsdb: fixed booling conversion to check value length
this ensures we don't look past the end of the data Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4')
-rw-r--r--source4/dsdb/schema/schema_syntax.c25
1 files changed, 14 insertions, 11 deletions
diff --git a/source4/dsdb/schema/schema_syntax.c b/source4/dsdb/schema/schema_syntax.c
index 501ab3aded..e875bee924 100644
--- a/source4/dsdb/schema/schema_syntax.c
+++ b/source4/dsdb/schema/schema_syntax.c
@@ -229,9 +229,11 @@ static WERROR dsdb_syntax_BOOL_ldb_to_drsuapi(const struct dsdb_syntax_ctx *ctx,
blobs[i] = data_blob_talloc(blobs, NULL, 4);
W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
- if (strcmp("TRUE", (const char *)in->values[i].data) == 0) {
+ if (in->values[i].length >= 4 &&
+ strncmp("TRUE", (const char *)in->values[i].data, in->values[i].length) == 0) {
SIVAL(blobs[i].data, 0, 0x00000001);
- } else if (strcmp("FALSE", (const char *)in->values[i].data) == 0) {
+ } else if (in->values[i].length >= 5 &&
+ strncmp("FALSE", (const char *)in->values[i].data, in->values[i].length) == 0) {
SIVAL(blobs[i].data, 0, 0x00000000);
} else {
return WERR_FOOBAR;
@@ -252,22 +254,23 @@ static WERROR dsdb_syntax_BOOL_validate_ldb(const struct dsdb_syntax_ctx *ctx,
}
for (i=0; i < in->num_values; i++) {
- int t, f;
-
if (in->values[i].length == 0) {
return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
}
- t = strncmp("TRUE",
+ if (in->values[i].length >= 4 &&
+ strncmp("TRUE",
(const char *)in->values[i].data,
- in->values[i].length);
- f = strncmp("FALSE",
+ in->values[i].length) == 0) {
+ continue;
+ }
+ if (in->values[i].length >= 5 &&
+ strncmp("FALSE",
(const char *)in->values[i].data,
- in->values[i].length);
-
- if (t != 0 && f != 0) {
- return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+ in->values[i].length) == 0) {
+ continue;
}
+ return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
}
return WERR_OK;