56 lines
1.8 KiB
Diff
56 lines
1.8 KiB
Diff
From 449f1280b718c6da3b8e309fe124be4e9bfd8184 Mon Sep 17 00:00:00 2001
|
|
From: Ralph Boehme <slow@samba.org>
|
|
Date: Tue, 20 Jun 2023 11:35:41 +0200
|
|
Subject: [PATCH 12/28] CVE-2023-34968: rpcclient: remove response blob
|
|
allocation
|
|
|
|
This is alreay done by NDR for us.
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
|
|
|
|
Signed-off-by: Ralph Boehme <slow@samba.org>
|
|
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
Conflict: NA
|
|
Reference: https://download.samba.org/pub/samba/patches/security/samba-4.17.10-security-2023-07-19.patch
|
|
---
|
|
source3/rpcclient/cmd_spotlight.c | 16 ----------------
|
|
1 file changed, 16 deletions(-)
|
|
|
|
diff --git a/source3/rpcclient/cmd_spotlight.c b/source3/rpcclient/cmd_spotlight.c
|
|
index 24db9893df6..64fe321089c 100644
|
|
--- a/source3/rpcclient/cmd_spotlight.c
|
|
+++ b/source3/rpcclient/cmd_spotlight.c
|
|
@@ -144,13 +144,6 @@ static NTSTATUS cmd_mdssvc_fetch_properties(
|
|
}
|
|
request_blob.size = max_fragment_size;
|
|
|
|
- response_blob.spotlight_blob = talloc_array(mem_ctx, uint8_t, max_fragment_size);
|
|
- if (response_blob.spotlight_blob == NULL) {
|
|
- status = NT_STATUS_INTERNAL_ERROR;
|
|
- goto done;
|
|
- }
|
|
- response_blob.size = max_fragment_size;
|
|
-
|
|
len = sl_pack(d, (char *)request_blob.spotlight_blob, request_blob.size);
|
|
if (len == -1) {
|
|
status = NT_STATUS_INTERNAL_ERROR;
|
|
@@ -368,15 +361,6 @@ static NTSTATUS cmd_mdssvc_fetch_attributes(
|
|
}
|
|
request_blob.size = max_fragment_size;
|
|
|
|
- response_blob.spotlight_blob = talloc_array(mem_ctx,
|
|
- uint8_t,
|
|
- max_fragment_size);
|
|
- if (response_blob.spotlight_blob == NULL) {
|
|
- status = NT_STATUS_INTERNAL_ERROR;
|
|
- goto done;
|
|
- }
|
|
- response_blob.size = max_fragment_size;
|
|
-
|
|
len = sl_pack(d, (char *)request_blob.spotlight_blob, request_blob.size);
|
|
if (len == -1) {
|
|
status = NT_STATUS_INTERNAL_ERROR;
|
|
--
|
|
2.34.1
|