tdb: Do not pass non–null‐terminated strings to strcmp() (CID 1449485)
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Fri, 6 Oct 2023 00:54:02 +0000 (13:54 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Fri, 13 Oct 2023 02:18:30 +0000 (02:18 +0000)
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib/tdb/common/open.c

index 10233591dad34a0f36f3f1b678a433b53307f0e0..3fa7ce1389d690a43cd8605be0e3263b7da43d82 100644 (file)
@@ -513,7 +513,13 @@ _PUBLIC_ struct tdb_context *tdb_open_ex(const char *name, int hash_size, int td
 
        errno = 0;
        if (read(tdb->fd, &header, sizeof(header)) != sizeof(header)
-           || strcmp(header.magic_food, TDB_MAGIC_FOOD) != 0) {
+           /*
+            * Call strncmp() rather than strcmp() in case header.magic_food is
+            * not zero‐terminated. We’re still checking the full string for
+            * equality, as tdb_header::magic_food is larger than
+            * TDB_MAGIC_FOOD.
+            */
+           || strncmp(header.magic_food, TDB_MAGIC_FOOD, sizeof(header.magic_food)) != 0) {
                if (!(open_flags & O_CREAT) ||
                    tdb_new_database(tdb, &header, hash_size) == -1) {
                        if (errno == 0) {
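Review bot: The strncmp() call in the read() condition checks the whole magic string only while sizeof(header.magic_food) is greater than strlen(TDB_MAGIC_FOOD); the new comment states this, but nothing in the hunk enforces it. If the constant ever outgrew the field, the check would silently become a prefix match on the on-disk header. Consider pinning the invariant at compile time next to the check, e.g. `_Static_assert(sizeof(TDB_MAGIC_FOOD) <= sizeof(header.magic_food), "magic_food must hold TDB_MAGIC_FOOD and its NUL");`. This assumes TDB_MAGIC_FOOD is a string-literal macro and that the project's C baseline permits _Static_assert. The body of tdb_open_ex starts and ends outside the hunk.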