From abe0c30abafbc982d4031ad3585e262bd192e452 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 1 Nov 2006 03:17:23 +0000
Subject: r19520: Try not to read past the end of the ldb buffer.

Andrew Bartlett
(This used to be commit 3a103149a6c083b80f25163c0f3762f86bb496c1)
---
 source4/lib/ldb/samba/ldif_handlers.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

(limited to 'source4/lib/ldb')

diff --git a/source4/lib/ldb/samba/ldif_handlers.c b/source4/lib/ldb/samba/ldif_handlers.c
index 46eac2295d..42f7605385 100644
--- a/source4/lib/ldb/samba/ldif_handlers.c
+++ b/source4/lib/ldb/samba/ldif_handlers.c
@@ -80,10 +80,12 @@ static int ldif_write_objectSid(struct ldb_context *ldb, void *mem_ctx,
 
 static BOOL ldb_comparision_objectSid_isString(const struct ldb_val *v)
 {
-	/* see if the input if null-terninated */
-	if (v->data[v->length] != '\0') return False;
-	
+	if (v->length < 3) {
+		return False;
+	}
+
 	if (strncmp("S-", (const char *)v->data, 2) != 0) return False;
+	
 	return True;
 }
 
@@ -179,9 +181,6 @@ static BOOL ldb_comparision_objectGUID_isString(const struct ldb_val *v)
 	struct GUID guid;
 	NTSTATUS status;
 
-	/* see if the input if null-terninated */
-	if (v->data[v->length] != '\0') return False;
-
 	if (v->length < 33) return False;
 
 	status = GUID_from_string((const char *)v->data, &guid);
-- 
cgit