mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
librpc ndr: ndr_pull_advance check for unsigned overflow.
Handle uint32 overflow in ndr_pull_advance Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
d1277f4d02
commit
14182350f8
@ -199,12 +199,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_pop(struct ndr_pull *ndr)
|
||||
*/
|
||||
_PUBLIC_ enum ndr_err_code ndr_pull_advance(struct ndr_pull *ndr, uint32_t size)
|
||||
{
|
||||
NDR_PULL_NEED_BYTES(ndr, size);
|
||||
ndr->offset += size;
|
||||
if (ndr->offset > ndr->data_size) {
|
||||
return ndr_pull_error(ndr, NDR_ERR_BUFSIZE,
|
||||
"ndr_pull_advance by %u failed",
|
||||
size);
|
||||
}
|
||||
return NDR_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
|
@ -1,2 +1 @@
|
||||
^samba.tests.blackbox.ndrdump.samba.tests.blackbox.ndrdump.NdrDumpTests.test_ndrdump_fuzzed_ndr_compression
|
||||
^librpc.ndr.ndr.test_ndr_pull_advance
|
||||
^samba.tests.blackbox.ndrdump.samba.tests.blackbox.ndrdump.NdrDumpTests.test_ndrdump_fuzzed_NULL_struct_ntlmssp_CHALLENGE_MESSAGE
|
||||
|
Loading…
Reference in New Issue
Block a user