mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
CVE-2013-4408:libcli/util: add some size verification to tstream_read_pdu_blob_done()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
This commit is contained in:
parent
6e293891ca
commit
821a49b7d0
@ -129,6 +129,11 @@ static void tstream_read_pdu_blob_done(struct tevent_req *subreq)
|
||||
return;
|
||||
}
|
||||
|
||||
if (new_buf_size <= old_buf_size) {
|
||||
tevent_req_nterror(req, NT_STATUS_INVALID_BUFFER_SIZE);
|
||||
return;
|
||||
}
|
||||
|
||||
buf = talloc_realloc(state, state->pdu_blob.data, uint8_t, new_buf_size);
|
||||
if (tevent_req_nomem(buf, req)) {
|
||||
return;
|
||||
|
Loading…
Reference in New Issue
Block a user