s3:winbind: Fix integer type of len
"Error: INTEGER_OVERFLOW (CWE-190): samba-4.20.0rc2/source3/winbindd/winbindd_cache.c:849: cast_overflow: Truncation due to cast operation on ""len"" from 32 to 8 bits. samba-4.20.0rc2/source3/winbindd/winbindd_cache.c:851: overflow_sink: ""len"", which might have overflowed, is passed to ""memcpy(centry->data + centry->ofs, s, len)"". [Note: The source code implementation of the function has been overridden by a builtin model.] 849| centry_put_uint8(centry, len); 850| centry_expand(centry, len); 851|-> memcpy(centry->data + centry->ofs, s, len); 852| centry->ofs += len; 853| }" Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
parent
aae8cab3f9
commit
b11cf72c1b
@ -834,7 +834,7 @@ static void centry_put_uint8(struct cache_entry *centry, uint8_t v)
|
||||
*/
|
||||
static void centry_put_string(struct cache_entry *centry, const char *s)
|
||||
{
|
||||
int len;
|
||||
size_t len;
|
||||
|
||||
if (!s) {
|
||||
/* null strings are marked as len 0xFFFF */
|
||||
@ -845,7 +845,8 @@ static void centry_put_string(struct cache_entry *centry, const char *s)
|
||||
len = strlen(s);
|
||||
/* can't handle more than 254 char strings. Truncating is probably best */
|
||||
if (len > 254) {
|
||||
DBG_DEBUG("centry_put_string: truncating len (%d) to: 254\n", len);
|
||||
DBG_DEBUG("centry_put_string: truncating len (%zu) to: 254\n",
|
||||
len);
|
||||
len = 254;
|
||||
}
|
||||
centry_put_uint8(centry, len);
|
||||
|
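Review bot: The call `centry_put_uint8(centry, len);` at the end of the second hunk now narrows a `size_t` to `uint8_t` implicitly, and it stays in range only because of the `if (len > 254)` clamp directly above it. Making the conversion explicit, `centry_put_uint8(centry, (uint8_t)len);`, with a short comment such as `/* len <= 254 after the clamp above */`, would keep that dependency visible to later editors and to the static analyser that raised the original finding. The comment in the first hunk says null strings are marked as len 0xFFFF while the length is stored through an 8-bit helper, so it presumably should read 0xFF; the write it describes is outside the hunk. The truncation is still reported only through `DBG_DEBUG`, so a string longer than 254 bytes is cached in shortened form without any notice at normal log levels, which may deserve a higher level if the cached value is later compared as a name. The body of centry_put_string continues past the end of the hunk.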