1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

s3:modules: Make nread a size_t and check for possible overflow

"Error: INTEGER_OVERFLOW (CWE-190):
samba-4.20.0rc2/source3/modules/vfs_preopen.c:215: tainted_data_return: Called function ""read(sock_fd, namebuf + nread, talloc_get_size(namebuf) - nread)"", and a possible return value may be less than zero.
samba-4.20.0rc2/source3/modules/vfs_preopen.c:215: assign: Assigning: ""thistime"" = ""read(sock_fd, namebuf + nread, talloc_get_size(namebuf) - nread)"".
samba-4.20.0rc2/source3/modules/vfs_preopen.c:221: overflow: The expression ""nread"" is considered to have possibly overflowed.
samba-4.20.0rc2/source3/modules/vfs_preopen.c:215: overflow: The expression ""talloc_get_size(namebuf) - nread"" is deemed overflowed because at least one of its arguments has overflowed.
samba-4.20.0rc2/source3/modules/vfs_preopen.c:215: overflow_sink: ""talloc_get_size(namebuf) - nread"", which might have underflowed, is passed to ""read(sock_fd, namebuf + nread, talloc_get_size(namebuf) - nread)"". [Note: The source code implementation of the function has been overridden by a builtin model.]
  213|   		ssize_t thistime;
  214|
  215|-> 		thistime = read(sock_fd, namebuf + nread,
  216|   				talloc_get_size(namebuf) - nread);
  217|   		if (thistime <= 0) {"

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This commit is contained in:
Andreas Schneider 2024-07-08 11:25:32 +02:00 committed by Günther Deschner
parent a541a7d716
commit f3da16937a

View File

@ -203,13 +203,11 @@ static bool preopen_helper_open_one(int sock_fd, char **pnamebuf,
size_t to_read, void *filebuf)
{
char *namebuf = *pnamebuf;
ssize_t nread;
size_t nread = 0;
ssize_t chunk;
char c = 0;
int fd;
nread = 0;
do {
chunk = read(sock_fd, namebuf + nread,
talloc_get_size(namebuf) - nread);
@ -217,6 +215,9 @@ static bool preopen_helper_open_one(int sock_fd, char **pnamebuf,
return false;
}
if (nread + chunk < nread) {
return false;
}
nread += chunk;
if (nread == talloc_get_size(namebuf)) {