mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
libndr: Early overflow detection
This is an addition without an overflow check. Do it right there. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
This commit is contained in:
parent
5d19591e75
commit
ccb6e6634a
@ -2018,6 +2018,14 @@ _PUBLIC_ enum ndr_err_code ndr_pull_relative_ptr1(struct ndr_pull *ndr, const vo
|
||||
{
|
||||
enum ndr_err_code ret;
|
||||
rel_offset += ndr->relative_base_offset;
|
||||
if (rel_offset < ndr->relative_base_offset) {
|
||||
return ndr_pull_error(ndr,
|
||||
NDR_ERR_INVALID_POINTER,
|
||||
"Overflow rel_offset=%" PRIu32 " + "
|
||||
"relative_base_offset=%" PRIu32,
|
||||
rel_offset,
|
||||
ndr->relative_base_offset);
|
||||
}
|
||||
if (rel_offset > ndr->data_size) {
|
||||
return ndr_pull_error(ndr, NDR_ERR_BUFSIZE,
|
||||
"ndr_pull_relative_ptr1 rel_offset(%"PRIu32") > ndr->data_size(%"PRIu32")",
|
||||
|
Loading…
Reference in New Issue
Block a user