git.samba.org / samba.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 96083ab) | patch
CVE-2021-44142: libadouble: harden ad_unpack_xattrs()
authorRalph Boehme <slow@samba.org>
Fri, 26 Nov 2021 06:19:32 +0000 (07:19 +0100)
committerStefan Metzmacher <metze@samba.org>
Mon, 31 Jan 2022 15:27:37 +0000 (15:27 +0000)
commitc61a06503ede85658e9f0b3ac1f9c2a30ccf2fe7
tree14214752679f767e4ef2edd5557baa385fb62506tree
parent96083abc0c32aca397cfdf4341d179bfc5663d35commit | diff
CVE-2021-44142: libadouble: harden ad_unpack_xattrs()

This ensures ad_unpack_xattrs() is only called for an ad_type of ADOUBLE_RSRC,
which is used for parsing ._ AppleDouble sidecar files, and the buffer
ad->ad_data is AD_XATTR_MAX_HDR_SIZE bytes large which is a prerequisite for all
buffer out-of-bounds access checks in ad_unpack_xattrs().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14914

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source3/lib/adouble.c diff | blob | history
Samba Shared Repository