samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2025-01-26 10:04:02 +03:00

History

Andreas Schneider 17dd13bb4b lib:ldb: Add missing overflow check in ldb_msg_normalize()

Error: INTEGER_OVERFLOW (CWE-190):
ldb-2.9.0/common/ldb_msg.c:1235: tainted_data_argument: The check "i < msg2->num_elements" contains the tainted expression "i" which causes "msg2->num_elements" to be considered tainted.
ldb-2.9.0/common/ldb_msg.c:1253: overflow: The expression "msg2->num_elements - (i + 1U)" is deemed underflowed because at least one of its arguments has underflowed.
ldb-2.9.0/common/ldb_msg.c:1253: overflow: The expression "32UL * (msg2->num_elements - (i + 1U))" is deemed underflowed because at least one of its arguments has underflowed.
ldb-2.9.0/common/ldb_msg.c:1253: overflow_sink: "32UL * (msg2->num_elements - (i + 1U))", which might have underflowed, is passed to "memmove(el2, el2 + 1, 32UL * (msg2->num_elements - (i + 1U)))". [Note: The source code implementation of the function has been overridden by a builtin model.]
  1251|                           talloc_free(discard_const_p(char, el2->name));
  1252|                           if ((i+1) < msg2->num_elements) {
  1253|->                                 memmove(el2, el2+1, sizeof(struct ldb_message_element) *
  1254|                                           (msg2->num_elements - (i+1)));
  1255|                           }

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

2024-04-30 14:30:34 +00:00

attrib_handlers.c

ldb:attrib_handlers: use ldb_ascii_toupper() in first loop

2024-04-23 01:33:29 +00:00

ldb_attributes.c

ldb_tdb: Read from @INDEXLIST or an override if we are using a GUID index

2017-09-22 21:20:23 +02:00

ldb_controls.c

ldb: Split out ldb_controls_get_control() to search a list of controls

2024-02-16 02:41:36 +00:00

ldb_debug.c

lib/ldb: Do not vasprintf() the tevent debug messages that will not be shown