edc1f6e252
idl: drsuapi_DsaAddressListItem_V1 limit recursion idl: limit recurion on recursive-elements lib: ldb Limit depth of ldb_parse_tree librpc: ndr add recursion check macros librpc: ndr Heap-buffer-overflow in lzxpress_decompress librpc: ndr NDR_PULL_ALIGN check for unsigned overflow lzxpress: add bounds checking to lzxpress decompress lzxpress: avoid technically undefined shift pidl: Add recursive depth checks utils: asn1 avoid undefined behaviour witness: idl fix length calculation for witness_IPaddrInfoList
36 lines
1.1 KiB
Diff
36 lines
1.1 KiB
Diff
From 2f8c3b62266b729b47d5ba25f1966786c1af0e5f Mon Sep 17 00:00:00 2001
|
|
From: Gary Lockyer <gary@catalyst.net.nz>
|
|
Date: Thu, 30 Jan 2020 08:52:34 +1300
|
|
Subject: [PATCH] idl: drsuapi_DsaAddressListItem_V1 limit recursion
|
|
|
|
Limit number of drsuapi_DsaAddressListItem_V1 elements to 1024
|
|
|
|
Credit to OSS-Fuzz
|
|
|
|
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19820
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14254
|
|
|
|
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
---
|
|
librpc/idl/drsuapi.idl | 2 +-
|
|
1 files changed, 1 insertion(+), 1 deletions(-)
|
|
delete mode 100644 selftest/knownfail.d/bug-14254
|
|
|
|
diff --git a/librpc/idl/drsuapi.idl b/librpc/idl/drsuapi.idl
|
|
index 2aaae8dce59..04725276121 100644
|
|
--- a/librpc/idl/drsuapi.idl
|
|
+++ b/librpc/idl/drsuapi.idl
|
|
@@ -1452,7 +1452,7 @@ interface drsuapi
|
|
/* list of network names of the DCs
|
|
* to which the referral is directed */
|
|
typedef struct {
|
|
- drsuapi_DsaAddressListItem_V1 *next;
|
|
+ [max_recursion(1024)] drsuapi_DsaAddressListItem_V1 *next;
|
|
lsa_String *address;
|
|
} drsuapi_DsaAddressListItem_V1;
|
|
|
|
--
|
|
GitLab
|
|
|