1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

s3:winbind: Fix integer type of len

"Error: INTEGER_OVERFLOW (CWE-190):
samba-4.20.0rc2/source3/winbindd/winbindd_cache.c:849: cast_overflow: Truncation due to cast operation on ""len"" from 32 to 8 bits.
samba-4.20.0rc2/source3/winbindd/winbindd_cache.c:851: overflow_sink: ""len"", which might have overflowed, is passed to ""memcpy(centry->data + centry->ofs, s, len)"". [Note: The source code implementation of the function has been overridden by a builtin model.]
  849|   	centry_put_uint8(centry, len);
  850|   	centry_expand(centry, len);
  851|-> 	memcpy(centry->data + centry->ofs, s, len);
  852|   	centry->ofs += len;
  853|   }"

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
This commit is contained in:
Andreas Schneider 2024-06-21 10:57:32 +02:00 committed by Martin Schwenke
parent aae8cab3f9
commit b11cf72c1b

View File

@ -834,7 +834,7 @@ static void centry_put_uint8(struct cache_entry *centry, uint8_t v)
*/ */
static void centry_put_string(struct cache_entry *centry, const char *s) static void centry_put_string(struct cache_entry *centry, const char *s)
{ {
int len; size_t len;
if (!s) { if (!s) {
/* null strings are marked as len 0xFFFF */ /* null strings are marked as len 0xFFFF */
@ -845,7 +845,8 @@ static void centry_put_string(struct cache_entry *centry, const char *s)
len = strlen(s); len = strlen(s);
/* can't handle more than 254 char strings. Truncating is probably best */ /* can't handle more than 254 char strings. Truncating is probably best */
if (len > 254) { if (len > 254) {
DBG_DEBUG("centry_put_string: truncating len (%d) to: 254\n", len); DBG_DEBUG("centry_put_string: truncating len (%zu) to: 254\n",
len);
len = 254; len = 254;
} }
centry_put_uint8(centry, len); centry_put_uint8(centry, len);