1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

librpc ndr: ndr_pull_advance check for unsigned overflow.

Handle uint32 overflow in ndr_pull_advance

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20083
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14236

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Gary Lockyer 2020-01-15 12:37:06 +13:00 committed by Andrew Bartlett
parent d1277f4d02
commit 14182350f8
2 changed files with 2 additions and 7 deletions

View File

@ -199,12 +199,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_pop(struct ndr_pull *ndr)
*/
_PUBLIC_ enum ndr_err_code ndr_pull_advance(struct ndr_pull *ndr, uint32_t size)
{
NDR_PULL_NEED_BYTES(ndr, size);
ndr->offset += size;
if (ndr->offset > ndr->data_size) {
return ndr_pull_error(ndr, NDR_ERR_BUFSIZE,
"ndr_pull_advance by %u failed",
size);
}
return NDR_ERR_SUCCESS;
}

View File

@ -1,2 +1 @@
^samba.tests.blackbox.ndrdump.samba.tests.blackbox.ndrdump.NdrDumpTests.test_ndrdump_fuzzed_ndr_compression
^librpc.ndr.ndr.test_ndr_pull_advance
^samba.tests.blackbox.ndrdump.samba.tests.blackbox.ndrdump.NdrDumpTests.test_ndrdump_fuzzed_NULL_struct_ntlmssp_CHALLENGE_MESSAGE