sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-02 09:47:23 +03:00
Code

s3:registry: Check for integer overflow

Browse Source 
"Error: INTEGER_OVERFLOW (CWE-190):
samba-4.20.0rc2/source3/registry/regfio.c:175: tainted_data_argument: The check ""bytes_read < block_size"" contains the tainted expression ""bytes_read"" which causes ""block_size"" to be considered tainted.
samba-4.20.0rc2/source3/registry/regfio.c:176: overflow: The expression ""block_size - bytes_read"" is deemed overflowed because at least one of its arguments has overflowed.
samba-4.20.0rc2/source3/registry/regfio.c:176: overflow_sink: ""block_size - bytes_read"", which might have underflowed, is passed to ""read(file->fd, buffer + bytes_read, block_size - bytes_read)"". [Note: The source code implementation of the function has been overridden by a builtin model.]
  174|
  175|   	while ( bytes_read < block_size ) {
  176|-> 		if ( (returned = read( file->fd, buffer+bytes_read, block_size-bytes_read )) == -1 ) {
  177|   			DEBUG(0,(""read_block: read() failed (%s)\n"", strerror(errno) ));
  178|   			return False;"

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This commit is contained in:
Andreas Schneider 2024-06-26 14:31:48 +02:00 committed by Andreas Schneider
parent 2a6805cc82
commit 6cadb1d695
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
source3/registry/regfio.c
View File

@ -182,6 +182,10 @@ static int read_block( REGF_FILE *file, prs_struct *ps, uint32_t file_offset, ui
return False;
}
if (returned < 0 || bytes_read > INT_MAX - returned) {
DBG_ERR("Integer overflow\n");
return false;
}
bytes_read += returned;
}