From b11cf72c1be13b83fb9a3e8c852ba73ac3f7e9e2 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Fri, 21 Jun 2024 10:57:32 +0200 Subject: [PATCH] s3:winbind: Fix integer type of len "Error: INTEGER_OVERFLOW (CWE-190): samba-4.20.0rc2/source3/winbindd/winbindd_cache.c:849: cast_overflow: Truncation due to cast operation on ""len"" from 32 to 8 bits. samba-4.20.0rc2/source3/winbindd/winbindd_cache.c:851: overflow_sink: ""len"", which might have overflowed, is passed to ""memcpy(centry->data + centry->ofs, s, len)"". [Note: The source code implementation of the function has been overridden by a builtin model.] 849| centry_put_uint8(centry, len); 850| centry_expand(centry, len); 851|-> memcpy(centry->data + centry->ofs, s, len); 852| centry->ofs += len; 853| }" Signed-off-by: Andreas Schneider Reviewed-by: Martin Schwenke --- source3/winbindd/winbindd_cache.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c index 833862ab99e..0e426876582 100644 --- a/source3/winbindd/winbindd_cache.c +++ b/source3/winbindd/winbindd_cache.c @@ -834,7 +834,7 @@ static void centry_put_uint8(struct cache_entry *centry, uint8_t v) */ static void centry_put_string(struct cache_entry *centry, const char *s) { - int len; + size_t len; if (!s) { /* null strings are marked as len 0xFFFF */ @@ -845,7 +845,8 @@ static void centry_put_string(struct cache_entry *centry, const char *s) len = strlen(s); /* can't handle more than 254 char strings. Truncating is probably best */ if (len > 254) { - DBG_DEBUG("centry_put_string: truncating len (%d) to: 254\n", len); + DBG_DEBUG("centry_put_string: truncating len (%zu) to: 254\n", + len); len = 254; } centry_put_uint8(centry, len);