1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

libndr: Early overflow detection

This is an addition without an overflow check. Do it right there.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This commit is contained in:
Volker Lendecke 2024-09-30 15:45:16 +02:00 committed by Ralph Boehme
parent 5d19591e75
commit ccb6e6634a

View File

@ -2018,6 +2018,14 @@ _PUBLIC_ enum ndr_err_code ndr_pull_relative_ptr1(struct ndr_pull *ndr, const vo
{
enum ndr_err_code ret;
rel_offset += ndr->relative_base_offset;
if (rel_offset < ndr->relative_base_offset) {
return ndr_pull_error(ndr,
NDR_ERR_INVALID_POINTER,
"Overflow rel_offset=%" PRIu32 " + "
"relative_base_offset=%" PRIu32,
rel_offset,
ndr->relative_base_offset);
}
if (rel_offset > ndr->data_size) {
return ndr_pull_error(ndr, NDR_ERR_BUFSIZE,
"ndr_pull_relative_ptr1 rel_offset(%"PRIu32") > ndr->data_size(%"PRIu32")",