mykola/freebsd-ports
1
0
Fork 0
forked from Lainports/freebsd-ports
Code Pull requests Activity
freebsd-ports/net/samba413/files/0014-CVE-2023-34968-mdscli-remove-response-blob-allocatio.patch
Michael Osipov fe49557452
net/samba413: back port security fixes from 4.16.11 
The security defects addressed in these fixes are described at
https://www.samba.org/samba/history/samba-4.16.11.html

PR:		273595
Approved by:	maintainer timeout
2023-10-02 10:15:28 -03:00

86 lines
2.6 KiB
Diff
Raw Blame History

From 842c888b48b3244d30410b7f7df16e2356b0f5a2 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Mon, 19 Jun 2023 18:28:41 +0200
Subject: [PATCH 14/21] CVE-2023-34968: mdscli: remove response blob allocation
This is handled by the NDR code transparently.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---
source3/rpc_client/cli_mdssvc.c | 36 ---------------------------------
1 file changed, 36 deletions(-)
diff --git a/source3/rpc_client/cli_mdssvc.c b/source3/rpc_client/cli_mdssvc.c
index 82d14372fe4..07c19b51dd4 100644
--- a/source3/rpc_client/cli_mdssvc.c
+++ b/source3/rpc_client/cli_mdssvc.c
@@ -276,15 +276,6 @@ struct tevent_req *mdscli_search_send(TALLOC_CTX *mem_ctx,
return tevent_req_post(req, ev);
}
- state->response_blob.spotlight_blob = talloc_array(
- state,
- uint8_t,
- mdscli_ctx->max_fragment_size);
- if (tevent_req_nomem(state->response_blob.spotlight_blob, req)) {
- return tevent_req_post(req, ev);
- }
- state->response_blob.size = mdscli_ctx->max_fragment_size;
-
subreq = dcerpc_mdssvc_cmd_send(state,
ev,
mdscli_ctx->bh,
@@ -457,15 +448,6 @@ struct tevent_req *mdscli_get_results_send(
return tevent_req_post(req, ev);
}
- state->response_blob.spotlight_blob = talloc_array(
- state,
- uint8_t,
- mdscli_ctx->max_fragment_size);
- if (tevent_req_nomem(state->response_blob.spotlight_blob, req)) {
- return tevent_req_post(req, ev);
- }
- state->response_blob.size = mdscli_ctx->max_fragment_size;
-
subreq = dcerpc_mdssvc_cmd_send(state,
ev,
mdscli_ctx->bh,
@@ -681,15 +663,6 @@ struct tevent_req *mdscli_get_path_send(TALLOC_CTX *mem_ctx,
return tevent_req_post(req, ev);
}
- state->response_blob.spotlight_blob = talloc_array(
- state,
- uint8_t,
- mdscli_ctx->max_fragment_size);
- if (tevent_req_nomem(state->response_blob.spotlight_blob, req)) {
- return tevent_req_post(req, ev);
- }
- state->response_blob.size = mdscli_ctx->max_fragment_size;
-
subreq = dcerpc_mdssvc_cmd_send(state,
ev,
mdscli_ctx->bh,
@@ -852,15 +825,6 @@ struct tevent_req *mdscli_close_search_send(TALLOC_CTX *mem_ctx,
return tevent_req_post(req, ev);
}
- state->response_blob.spotlight_blob = talloc_array(
- state,
- uint8_t,
- mdscli_ctx->max_fragment_size);
- if (tevent_req_nomem(state->response_blob.spotlight_blob, req)) {
- return tevent_req_post(req, ev);
- }
- state->response_blob.size = mdscli_ctx->max_fragment_size;
-
subreq = dcerpc_mdssvc_cmd_send(state,
ev,
mdscli_ctx->bh,
--
2.41.0
View git blame Copy permalink