sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-21 18:04:06 +03:00
Code

lib: Fix Coverity ID 1636566 Untrusted loop bound

Browse Source 
Sanitize num_auths to [0,15] in sid_copy()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
This commit is contained in:
Volker Lendecke 2024-12-04 14:03:12 +01:00
parent 06cca7bf02
commit 253e5f4a68
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
libcli/security/util_sid.c
View File

@ -323,16 +323,17 @@ bool sid_peek_check_rid(const struct dom_sid *exp_dom_sid, const struct dom_sid
void sid_copy(struct dom_sid *dst, const struct dom_sid *src)
{
int i;
const int8_t num_auths = MIN(15, MAX(0, src->num_auths));
int8_t i;
*dst = (struct dom_sid) {
.sid_rev_num = src->sid_rev_num,
.num_auths = src->num_auths,
.num_auths = num_auths,
};
memcpy(&dst->id_auth[0], &src->id_auth[0], sizeof(src->id_auth));
for (i = 0; i < src->num_auths; i++)
for (i = 0; i < num_auths; i++)
dst->sub_auths[i] = src->sub_auths[i];
}