mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
s3:winbind: Fix integer type of len
"Error: INTEGER_OVERFLOW (CWE-190): samba-4.20.0rc2/source3/winbindd/winbindd_cache.c:849: cast_overflow: Truncation due to cast operation on ""len"" from 32 to 8 bits. samba-4.20.0rc2/source3/winbindd/winbindd_cache.c:851: overflow_sink: ""len"", which might have overflowed, is passed to ""memcpy(centry->data + centry->ofs, s, len)"". [Note: The source code implementation of the function has been overridden by a builtin model.] 849| centry_put_uint8(centry, len); 850| centry_expand(centry, len); 851|-> memcpy(centry->data + centry->ofs, s, len); 852| centry->ofs += len; 853| }" Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
This commit is contained in:
parent
aae8cab3f9
commit
b11cf72c1b
@ -834,7 +834,7 @@ static void centry_put_uint8(struct cache_entry *centry, uint8_t v)
|
|||||||
*/
|
*/
|
||||||
static void centry_put_string(struct cache_entry *centry, const char *s)
|
static void centry_put_string(struct cache_entry *centry, const char *s)
|
||||||
{
|
{
|
||||||
int len;
|
size_t len;
|
||||||
|
|
||||||
if (!s) {
|
if (!s) {
|
||||||
/* null strings are marked as len 0xFFFF */
|
/* null strings are marked as len 0xFFFF */
|
||||||
@ -845,7 +845,8 @@ static void centry_put_string(struct cache_entry *centry, const char *s)
|
|||||||
len = strlen(s);
|
len = strlen(s);
|
||||||
/* can't handle more than 254 char strings. Truncating is probably best */
|
/* can't handle more than 254 char strings. Truncating is probably best */
|
||||||
if (len > 254) {
|
if (len > 254) {
|
||||||
DBG_DEBUG("centry_put_string: truncating len (%d) to: 254\n", len);
|
DBG_DEBUG("centry_put_string: truncating len (%zu) to: 254\n",
|
||||||
|
len);
|
||||||
len = 254;
|
len = 254;
|
||||||
}
|
}
|
||||||
centry_put_uint8(centry, len);
|
centry_put_uint8(centry, len);
|
||||||
|
Loading…
Reference in New Issue
Block a user