1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

CVE-2013-4408:libcli/util: add some size verification to tstream_read_pdu_blob_done()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This commit is contained in:
Stefan Metzmacher 2013-10-16 14:17:49 +02:00 committed by Karolin Seeger
parent 6e293891ca
commit 821a49b7d0

View File

@ -129,6 +129,11 @@ static void tstream_read_pdu_blob_done(struct tevent_req *subreq)
return;
}
if (new_buf_size <= old_buf_size) {
tevent_req_nterror(req, NT_STATUS_INVALID_BUFFER_SIZE);
return;
}
buf = talloc_realloc(state, state->pdu_blob.data, uint8_t, new_buf_size);
if (tevent_req_nomem(buf, req)) {
return;