sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-02 09:47:23 +03:00
Code

Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS.

Browse Source 
Fix client-side parsing also. Found by David Disseldorp <ddiss@suse.de>

Signed-off-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Mon Aug  5 14:39:04 CEST 2013 on sn-devel-104
This commit is contained in:
Jeremy Allison 2013-07-11 09:36:01 -07:00 committed by Karolin Seeger
parent c8d8bb257a
commit c4cba824d9
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
source4/libcli/raw/raweas.c
View File

@ -243,9 +243,12 @@ NTSTATUS ea_pull_list_chained(const DATA_BLOB *blob,
return NT_STATUS_INVALID_PARAMETER;
}
ofs += next_ofs;
if (ofs + next_ofs < ofs) {
return NT_STATUS_INVALID_PARAMETER;
}
if (ofs+4 > blob->length) {
ofs += next_ofs;
if (ofs+4 > blob->length || ofs+4 < ofs) {
return NT_STATUS_INVALID_PARAMETER;
}
n++;