CVE-2015-5330: ldb_dn: simplify and fix ldb_dn_escape_internal()
authorDouglas Bagnall <douglas.bagnall@catalyst.net.nz>
Tue, 24 Nov 2015 00:07:23 +0000 (13:07 +1300)
committerRalph Boehme <slow@samba.org>
Wed, 9 Dec 2015 16:19:51 +0000 (17:19 +0100)
commit7f51ec8c4ed9ba1f53d722e44fb6fb3cde933b72
tree0caad4d680a73e84c8ff760c5a3e41679f863f33
parentaa6c27148b9d3f8c1e4fdd5dd46bfecbbd0ca465
CVE-2015-5330: ldb_dn: simplify and fix ldb_dn_escape_internal()

Previously we relied on NUL terminated strings and jumped back and
forth between copying escaped bytes and memcpy()ing un-escaped chunks.
This simple version is easier to reason about and works with
unterminated strings. It may also be faster as it avoids reading the
string twice (first with strcspn, then with memcpy).

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
lib/ldb/common/ldb_dn.c