[PATCH] Fix CID 1415704 Integer overflowed argument

Andreas Schneider asn at samba.org
Thu Jul 27 14:02:00 UTC 2017 

On Thursday, 27 July 2017 14:10:28 CEST Volker Lendecke via samba-technical 
wrote:
> Hi!

Hi Volker,

before we push any patch to Samba we should fix it in uid_wrapper first. The 
reason is that we want to avoid reverting patches when we update to a new 
version of uid_wrapper in Samba. So fixing it upstream first is important.

Are you ok with the attached patchset? If yes I would push them to uid_wrapper 
upstream and then submit your patch for the Samba tree to autobuild.


Cheers,


	Andreas


-- 
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
www.samba.org
-------------- next part --------------
>From 6b9a961b61d579783e79cd4aa62f8b70e8f714a5 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 27 Jul 2017 15:55:18 +0200
Subject: [PATCH 1/2] uwrap: Fix integer overflowed argument

Found by Coverity

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
---
 src/uid_wrapper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/uid_wrapper.c b/src/uid_wrapper.c
index 0d74d20..cb31c5e 100644
--- a/src/uid_wrapper.c
+++ b/src/uid_wrapper.c
@@ -1035,7 +1035,7 @@ static void uwrap_init_env(struct uwrap_thread *id)
 		id->ngroups = 0;
 
 		free(id->groups);
-		id->groups = malloc(sizeof(gid_t) * ngroups);
+		id->groups = calloc(ngroups, sizeof(gid_t));
 		if (id->groups == NULL) {
 			UWRAP_LOG(UWRAP_LOG_ERROR,
 				  "Unable to allocate memory");
-- 
2.13.3


>From 595cd80207aef9d8cbb2474dc34b369a8a60d216 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Thu, 27 Jul 2017 15:55:58 +0200
Subject: [PATCH 2/2] uwrap: Use calloc to allocate groups array

Signed-off-by: Andreas Schneider <asn at samba.org>
---
 src/uid_wrapper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/uid_wrapper.c b/src/uid_wrapper.c
index cb31c5e..b3d12c5 100644
--- a/src/uid_wrapper.c
+++ b/src/uid_wrapper.c
@@ -749,7 +749,7 @@ static int uwrap_pthread_create(pthread_t *thread,
 
 	UWRAP_LOCK(uwrap_id);
 
-	args->id->groups = malloc(sizeof(gid_t) * src_id->ngroups);
+	args->id->groups = calloc(src_id->ngroups, sizeof(gid_t));
 	if (args->id->groups == NULL) {
 		UWRAP_UNLOCK(uwrap_id);
 		SAFE_FREE(args->id);
-- 
2.13.3

More information about the samba-technical mailing list