mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
r21813: fixed an integer overflow error in the ndr push code.
Jerry, you might like to consider this for 3.0.25
This commit is contained in:
parent
0cb6634d94
commit
4b1c4cd25a
@ -224,7 +224,7 @@ enum ndr_compression_alg {
|
||||
} \
|
||||
} while(0)
|
||||
|
||||
#define NDR_PUSH_NEED_BYTES(ndr, n) NDR_CHECK(ndr_push_expand(ndr, ndr->offset+(n)))
|
||||
#define NDR_PUSH_NEED_BYTES(ndr, n) NDR_CHECK(ndr_push_expand(ndr, n))
|
||||
|
||||
#define NDR_PUSH_ALIGN(ndr, n) do { \
|
||||
if (!(ndr->flags & LIBNDR_FLAG_NOALIGN)) { \
|
||||
|
@ -160,10 +160,17 @@ DATA_BLOB ndr_push_blob(struct ndr_push *ndr)
|
||||
|
||||
|
||||
/*
|
||||
expand the available space in the buffer to 'size'
|
||||
expand the available space in the buffer to ndr->offset + extra_size
|
||||
*/
|
||||
NTSTATUS ndr_push_expand(struct ndr_push *ndr, uint32_t size)
|
||||
NTSTATUS ndr_push_expand(struct ndr_push *ndr, uint32_t extra_size)
|
||||
{
|
||||
uint32_t size = extra_size + ndr->offset;
|
||||
|
||||
if (size < ndr->offset) {
|
||||
/* extra_size overflowed the offset */
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
if (ndr->alloc_size > size) {
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user