git.samba.org / bbaumbach / samba-autobuild / .git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: bffcc17)
tdb: Refuse to load a database with hash size 0
authorAndrew Bartlett <abartlet@samba.org>
Mon, 9 Nov 2015 01:10:11 +0000 (14:10 +1300)
committerJeremy Allison <jra@samba.org>
Fri, 18 Dec 2015 07:26:24 +0000 (08:26 +0100)
This just ensures we reject (rather than div-by-0) a corrupt
DB with a zero hash size.

Found with american fuzzy lop

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Dec 18 08:26:25 CET 2015 on sn-devel-144

lib/tdb/common/open.c patch | blob | history

diff --git a/lib/tdb/common/open.c b/lib/tdb/common/open.c
index 3b53fa7e3e4d4f8eff472e01f91f5225e605971b..f3ef856eae166874bb24d3dff6285a73e41eb88c 100644 (file)
--- a/lib/tdb/common/open.c
+++ b/lib/tdb/common/open.c
@@ -593,6 +593,13 @@ _PUBLIC_ struct tdb_context *tdb_open_ex(const char *name, int hash_size, int td
                errno = ENOSYS;
                goto fail;
        }
+
+       if (header.hash_size == 0) {
+               TDB_LOG((tdb, TDB_DEBUG_ERROR, "tdb_open_ex: invalid database: 0 hash_size\n"));
+               errno = ENOSYS;
+               goto fail;
+       }
+
        tdb->hash_size = header.hash_size;
 
        if (header.rwlocks == TDB_FEATURE_FLAG_MAGIC) {
Unnamed repository; edit this file 'description' to name the repository.