authorJoseph Sutton <josephsutton@catalyst.net.nz>2023-10-06 13:54:02 +1300
committerAndrew Bartlett <abartlet@samba.org>2023-10-13 02:18:30 +0000
commit757cd49b8445f22c2c19380e948e7aba5a76399a (patch)
tree9ae08ecde302200b3cb08785833573c34fb238cc /lib
parent8f4aa3508c0423a98dd2e75edb2f0afa1921fb28 (diff)
tdb: Do not pass non–null‐terminated strings to strcmp() (CID 1449485)
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'lib')
-rw-r--r--lib/tdb/common/open.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/lib/tdb/common/open.c b/lib/tdb/common/open.c
index 10233591dad..3fa7ce1389d 100644
--- a/lib/tdb/common/open.c
+++ b/lib/tdb/common/open.c
@@ -513,7 +513,13 @@ _PUBLIC_ struct tdb_context *tdb_open_ex(const char *name, int hash_size, int td
errno = 0;
if (read(tdb->fd, &header, sizeof(header)) != sizeof(header)
- || strcmp(header.magic_food, TDB_MAGIC_FOOD) != 0) {
+ /*
+ * Call strncmp() rather than strcmp() in case header.magic_food is
+ * not zero‐terminated. We’re still checking the full string for
+ * equality, as tdb_header::magic_food is larger than
+ * TDB_MAGIC_FOOD.
+ */
+ || strncmp(header.magic_food, TDB_MAGIC_FOOD, sizeof(header.magic_food)) != 0) {
if (!(open_flags & O_CREAT) ||
tdb_new_database(tdb, &header, hash_size) == -1) {
if (errno == 0) {
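Review bot: The new `strncmp()` call checks the whole magic string only while `header.magic_food` is strictly larger than `TDB_MAGIC_FOOD`, and that size relationship is stated only in the comment, not enforced. If the two sizes ever became equal or inverted, the bounded compare would stop before the terminator and accept a header whose magic merely begins with the expected bytes, on data read straight from the file. A compile-time check next to the comparison would pin the assumption, for example `_Static_assert(sizeof(TDB_MAGIC_FOOD) <= sizeof(header.magic_food), "magic_food must hold TDB_MAGIC_FOOD and its terminator");`, or the project's own static-assert helper if it has one. The body of `tdb_open_ex` starts and ends outside this hunk, so the declaration of `header` is not visible here.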