CVE-2018-1057: s4:dsdb/acl: add a NULL check for talloc_new() in acl_check_password_r...

author Ralph Boehme <slow@samba.org>

Fri, 16 Feb 2018 14:17:26 +0000 (15:17 +0100)

committer Karolin Seeger <kseeger@samba.org>

Tue, 13 Mar 2018 09:28:56 +0000 (10:28 +0100)
author Ralph Boehme <slow@samba.org>
Fri, 16 Feb 2018 14:17:26 +0000 (15:17 +0100)
committer Karolin Seeger <kseeger@samba.org>
Tue, 13 Mar 2018 09:28:56 +0000 (10:28 +0100)
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c

index 4bf9779d507cd83530ddc46761426b88dd0c8597..2c0aee41edf9251b3d35a69b265a54377953b6b4 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -973,6 +973,10 @@ static int acl_check_password_rights(TALLOC_CTX *mem_ctx,
                                         "unicodePwd", "dBCSPwd", NULL }, **l;
         TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
  
+       if (tmp_ctx == NULL) {
+               return LDB_ERR_OPERATIONS_ERROR;
+       }
+
         c = ldb_request_get_control(req, DSDB_CONTROL_PASSWORD_CHANGE_OID);
         if (c != NULL) {
                 /*
author	Ralph Boehme <slow@samba.org>
	Fri, 16 Feb 2018 14:17:26 +0000 (15:17 +0100)
committer	Karolin Seeger <kseeger@samba.org>
	Tue, 13 Mar 2018 09:28:56 +0000 (10:28 +0100)