svn commit: samba r17221 - in branches/SAMBA_4_0/source/lib/util: .

abartlet at samba.org abartlet at samba.org
Tue Jul 25 00:53:05 GMT 2006


Author: abartlet
Date: 2006-07-25 00:53:03 +0000 (Tue, 25 Jul 2006)
New Revision: 17221

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17221

Log:
Add some integer wrap parinoia to data_blob_append().

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/lib/util/data_blob.c


Changeset:
Modified: branches/SAMBA_4_0/source/lib/util/data_blob.c
===================================================================
--- branches/SAMBA_4_0/source/lib/util/data_blob.c	2006-07-25 00:16:45 UTC (rev 17220)
+++ branches/SAMBA_4_0/source/lib/util/data_blob.c	2006-07-25 00:53:03 UTC (rev 17221)
@@ -202,17 +202,30 @@
 	return NT_STATUS_OK;
 }
 
+
 /**
   append some data to a data blob
 **/
 _PUBLIC_ NTSTATUS data_blob_append(TALLOC_CTX *mem_ctx, DATA_BLOB *blob,
 				   const void *p, size_t length)
 {
-	blob->data = talloc_realloc_size(mem_ctx, blob->data,
-					 blob->length + length);
-	NT_STATUS_HAVE_NO_MEMORY(blob->data);	
-	memcpy(blob->data + blob->length, p, length);
-	blob->length += length;
+	NTSTATUS status;
+	size_t old_len = blob->length;
+	size_t new_len = old_len + length;
+	if (new_len < length || new_len < old_len) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if ((const uint8_t *)p + length < (const uint8_t *)p) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	
+	status = data_blob_realloc(mem_ctx, blob, new_len);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	memcpy(blob->data + old_len, p, length);
 	return NT_STATUS_OK;
 }
 



More information about the samba-cvs mailing list