General Coverity Fixes - 3 enclosed.
Ira Cooper
ira at samba.org
Sat Feb 15 13:07:34 MST 2014
Change made.
Are the rest of the patches ok?
Thanks,
-Ira
On Sat, Feb 15, 2014 at 2:33 PM, Stefan (metze) Metzmacher <metze at samba.org> wrote:
> Hi Ira,
>
> > From e551479e36b417e7b820917c8aaadee9fd51f515 Mon Sep 17 00:00:00 2001
> > From: Ira Cooper <ira at samba.org>
> > Date: Thu, 13 Feb 2014 14:45:23 -0500
> > Subject: [PATCH 3/3] libcli: Overflow array index read possible, in auth
> code.
> >
> > The values have to be signed here to allow for the values to go negative,
> > to prevent the overflow.
> >
> > Coverity-Id: 1167990
> > Signed-off-by: Ira Cooper <ira at samba.org>
> > ---
> > libcli/auth/netlogon_creds_cli.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/libcli/auth/netlogon_creds_cli.c
> b/libcli/auth/netlogon_creds_cli.c
> > index d73335d..7e88255 100644
> > --- a/libcli/auth/netlogon_creds_cli.c
> > +++ b/libcli/auth/netlogon_creds_cli.c
> > @@ -1766,8 +1766,8 @@ struct tevent_req
> *netlogon_creds_cli_ServerPasswordSet_send(TALLOC_CTX *mem_ctx
> >
> > if (new_version != NULL) {
> > struct NL_PASSWORD_VERSION version;
> > - uint32_t len = IVAL(state->samr_crypt_password.data, 512);
> > - uint32_t ofs = 512 - len;
> > + int32_t len = IVAL(state->samr_crypt_password.data, 512);
> > + int32_t ofs = 512 - len;
> > uint8_t *p;
> >
> > if (ofs < 12) {
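Review bot: In the two `+` lines, switching `len` and `ofs` to `int32_t` only handles a `len` between 513 and INT32_MAX. A length field read by `IVAL(state->samr_crypt_password.data, 512)` with its top bit set will typically convert to a negative `len`, so `512 - len` comes out greater than 512 (or overflows the signed type) and the following `if (ofs < 12)` test does not reject it. Validating the length before the subtraction removes the dependence on signedness: keep `uint32_t` and reject `len > 500` first, which is the same bound as `ofs < 12` because 512 - 12 = 500. The commit message would also be easier to follow if it stated that the out-of-range case is a `len` larger than 512.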
>
> I'd prefer that we leave it as uint32_t but check for if (len > 500).
>
> metze
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-libcli-Overflow-array-index-read-possible-in-auth-co.patch
Type: text/x-patch
Size: 933 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20140215/1f2479a7/attachment.bin>