[SCM] Samba Shared Repository - branch master updated

Ira Cooper ira at samba.org
Mon Feb 24 03:57:03 MST 2014


The branch, master has been updated
       via  8cd8aa6 libcli: Overflow array index read possible, in auth code.
       via  1406371 Revert "libcli: Overflow array index read possible, in auth code."
      from  538cbfe libcli: Overflow array index read possible, in auth code.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 8cd8aa6686c21e8c43a6d14c0ae1a21954d6e8cd
Author: Ira Cooper <ira at samba.org>
Date:   Thu Feb 13 14:45:23 2014 -0500

    libcli: Overflow array index read possible, in auth code.
    
    Changed the if condition to detect when we'd improperly overflow.
    
    Coverity-Id: 1167990
    Signed-off-by: Ira Cooper <ira at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(master): Ira Cooper <ira at samba.org>
    Autobuild-Date(master): Mon Feb 24 11:56:38 CET 2014 on sn-devel-104

commit 14063719e0b21da438179f0bb02b8c9d948d2dbb
Author: Ira Cooper <ira at samba.org>
Date:   Mon Feb 24 14:16:00 2014 +0530

    Revert "libcli: Overflow array index read possible, in auth code."
    
    This reverts commit 538cbfe0e90b7c7ed0f8421b323cac4dacd83f04.
    
    Signed-off-by: Ira Cooper <ira at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 libcli/auth/netlogon_creds_cli.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index 7e88255..472a452 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -1766,11 +1766,11 @@ struct tevent_req *netlogon_creds_cli_ServerPasswordSet_send(TALLOC_CTX *mem_ctx
 
 	if (new_version != NULL) {
 		struct NL_PASSWORD_VERSION version;
-		int32_t len = IVAL(state->samr_crypt_password.data, 512);
-		int32_t ofs = 512 - len;
+		uint32_t len = IVAL(state->samr_crypt_password.data, 512);
+		uint32_t ofs = 512 - len;
 		uint8_t *p;
 
-		if (ofs < 12) {
+		if (len > 500) {
 			tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
 			return tevent_req_post(req, ev);
 		}
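
Review bot: the bound in `if (len > 500)` is a bare magic number. It only makes sense as 512 - 12 when read next to the removed `ofs < 12` test, so write it as `512 - 12` or add a comment saying what the 12 bytes are reserved for. Separately, `uint32_t ofs = 512 - len;` is still evaluated before `len` is validated, so for any `len` above 512 it wraps to a very large value. Nothing in the visible lines uses `ofs` before the early return, but assigning it after the check would mean a wrapped offset never exists, and it would make the ordering dependency obvious to the next person who edits this block.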


-- 
Samba Shared Repository

