General Coverity Fixes - 3 enclosed.
Stefan (metze) Metzmacher
metze at samba.org
Sat Feb 15 12:33:48 MST 2014
Hi Ira,
> From e551479e36b417e7b820917c8aaadee9fd51f515 Mon Sep 17 00:00:00 2001
> From: Ira Cooper <ira at samba.org>
> Date: Thu, 13 Feb 2014 14:45:23 -0500
> Subject: [PATCH 3/3] libcli: Overflow array index read possible, in auth code.
>
> The values have to be signed here to allow for the values to go negative,
> to prevent the overflow.
>
> Coverity-Id: 1167990
> Signed-off-by: Ira Cooper <ira at samba.org>
> ---
> libcli/auth/netlogon_creds_cli.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
> index d73335d..7e88255 100644
> --- a/libcli/auth/netlogon_creds_cli.c
> +++ b/libcli/auth/netlogon_creds_cli.c
> @@ -1766,8 +1766,8 @@ struct tevent_req *netlogon_creds_cli_ServerPasswordSet_send(TALLOC_CTX *mem_ctx
>
> if (new_version != NULL) {
> struct NL_PASSWORD_VERSION version;
> - uint32_t len = IVAL(state->samr_crypt_password.data, 512);
> - uint32_t ofs = 512 - len;
> + int32_t len = IVAL(state->samr_crypt_password.data, 512);
> + int32_t ofs = 512 - len;
> uint8_t *p;
>
> if (ofs < 12) {
I'd prefer that we leave it as uint32_t but check for if (len > 500).
metze
More information about the samba-technical
mailing list