[PATCH] Fix CID 1415704 Integer overflowed argument
Andreas Schneider
asn at samba.org
Thu Jul 27 14:02:00 UTC 2017
On Thursday, 27 July 2017 14:10:28 CEST Volker Lendecke via samba-technical
wrote:
> Hi!
Hi Volker,
before we push any patch to Samba we should fix it in uid_wrapper first. The
reason is that we want to avoid reverting patches when we update to a new
version of uid_wrapper in Samba. So fixing it upstream first is important.
Are you ok with the attached patchset? If yes I would push them to uid_wrapper
upstream and then submit your patch for the Samba tree to autobuild.
Cheers,
Andreas
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
-------------- next part --------------
>From 6b9a961b61d579783e79cd4aa62f8b70e8f714a5 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 27 Jul 2017 15:55:18 +0200
Subject: [PATCH 1/2] uwrap: Fix integer overflowed argument
Found by Coverity
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
---
src/uid_wrapper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/uid_wrapper.c b/src/uid_wrapper.c
index 0d74d20..cb31c5e 100644
--- a/src/uid_wrapper.c
+++ b/src/uid_wrapper.c
@@ -1035,7 +1035,7 @@ static void uwrap_init_env(struct uwrap_thread *id)
id->ngroups = 0;
free(id->groups);
- id->groups = malloc(sizeof(gid_t) * ngroups);
+ id->groups = calloc(ngroups, sizeof(gid_t));
if (id->groups == NULL) {
UWRAP_LOG(UWRAP_LOG_ERROR,
"Unable to allocate memory");
--
2.13.3
>From 595cd80207aef9d8cbb2474dc34b369a8a60d216 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Thu, 27 Jul 2017 15:55:58 +0200
Subject: [PATCH 2/2] uwrap: Use calloc to allocate groups array
Signed-off-by: Andreas Schneider <asn at samba.org>
---
src/uid_wrapper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/uid_wrapper.c b/src/uid_wrapper.c
index cb31c5e..b3d12c5 100644
--- a/src/uid_wrapper.c
+++ b/src/uid_wrapper.c
@@ -749,7 +749,7 @@ static int uwrap_pthread_create(pthread_t *thread,
UWRAP_LOCK(uwrap_id);
- args->id->groups = malloc(sizeof(gid_t) * src_id->ngroups);
+ args->id->groups = calloc(src_id->ngroups, sizeof(gid_t));
if (args->id->groups == NULL) {
UWRAP_UNLOCK(uwrap_id);
SAFE_FREE(args->id);
--
2.13.3
More information about the samba-technical
mailing list