[SCM] Samba Shared Repository - branch master updated

Volker Lendecke vlendec at samba.org
Wed Mar 28 14:09:02 UTC 2018 

The branch, master has been updated
       via  1cd0fe9 ndr_string: Do overflow checks in ndr_push/pull_charset
       via  360804e ndr_string: Fix a signed/unsigned glitch
      from  4e0cf2f ctdb-tests: Delete unused fake /etc/sysconfig/ctdb file

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 1cd0fe90cf642de4ab4d03819f87a13c20bd2805
Author: Volker Lendecke <vl at samba.org>
Date:   Mon Mar 26 12:02:01 2018 +0200

    ndr_string: Do overflow checks in ndr_push/pull_charset
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    Autobuild-User(master): Volker Lendecke <vl at samba.org>
    Autobuild-Date(master): Wed Mar 28 16:08:16 CEST 2018 on sn-devel-144

commit 360804ed4f7d3ab7375ba68885fed4584ef0a438
Author: Volker Lendecke <vl at samba.org>
Date:   Mon Mar 26 12:00:40 2018 +0200

    ndr_string: Fix a signed/unsigned glitch
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 librpc/ndr/ndr_string.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/librpc/ndr/ndr_string.c b/librpc/ndr/ndr_string.c
index 067f917..cc35086 100644
--- a/librpc/ndr/ndr_string.c
+++ b/librpc/ndr/ndr_string.c
@@ -588,6 +588,9 @@ _PUBLIC_ enum ndr_err_code ndr_pull_charset(struct ndr_pull *ndr, int ndr_flags,
 		chset = CH_UTF16BE;
 	}
 
+	if ((byte_mul != 0) && (length > UINT32_MAX/byte_mul)) {
+		return ndr_pull_error(ndr, NDR_ERR_BUFSIZE, "length overflow");
+	}
 	NDR_PULL_NEED_BYTES(ndr, length*byte_mul);
 
 	if (!convert_string_talloc(ndr->current_mem_ctx, chset, CH_UNIX,
@@ -636,12 +639,15 @@ _PUBLIC_ enum ndr_err_code ndr_pull_charset_to_null(struct ndr_pull *ndr, int nd
 
 _PUBLIC_ enum ndr_err_code ndr_push_charset(struct ndr_push *ndr, int ndr_flags, const char *var, uint32_t length, uint8_t byte_mul, charset_t chset)
 {
-	ssize_t required;
+	size_t required;
 
 	if (NDR_BE(ndr) && chset == CH_UTF16) {
 		chset = CH_UTF16BE;
 	}
 
+	if ((byte_mul != 0) && (length > SIZE_MAX/byte_mul)) {
+		return ndr_push_error(ndr, NDR_ERR_LENGTH, "length overflow");
+	}
 	required = byte_mul * length;
 	
 	NDR_PUSH_NEED_BYTES(ndr, required);


-- 
Samba Shared Repository

More information about the samba-cvs mailing list