1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

r21813: fixed an integer overflow error in the ndr push code.

Jerry, you might like to consider this for 3.0.25
This commit is contained in:
Andrew Tridgell 2007-03-13 04:37:09 +00:00 committed by Gerald (Jerry) Carter
parent 0cb6634d94
commit 4b1c4cd25a
2 changed files with 10 additions and 3 deletions

View File

@ -224,7 +224,7 @@ enum ndr_compression_alg {
} \
} while(0)
#define NDR_PUSH_NEED_BYTES(ndr, n) NDR_CHECK(ndr_push_expand(ndr, ndr->offset+(n)))
#define NDR_PUSH_NEED_BYTES(ndr, n) NDR_CHECK(ndr_push_expand(ndr, n))
#define NDR_PUSH_ALIGN(ndr, n) do { \
if (!(ndr->flags & LIBNDR_FLAG_NOALIGN)) { \

View File

@ -160,10 +160,17 @@ DATA_BLOB ndr_push_blob(struct ndr_push *ndr)
/*
expand the available space in the buffer to 'size'
expand the available space in the buffer to ndr->offset + extra_size
*/
NTSTATUS ndr_push_expand(struct ndr_push *ndr, uint32_t size)
NTSTATUS ndr_push_expand(struct ndr_push *ndr, uint32_t extra_size)
{
uint32_t size = extra_size + ndr->offset;
if (size < ndr->offset) {
/* extra_size overflowed the offset */
return NT_STATUS_NO_MEMORY;
}
if (ndr->alloc_size > size) {
return NT_STATUS_OK;
}