mirror of https://github.com/samba-team/samba.git synced 2025-01-05 09:18:06 +03:00
samba-mirror/source4/dsdb/schema
Andreas Schneider 3cb4073cd0 s4:dsdb: Avoid possible underflows with new_len
Found by Covscan.

"Error: INTEGER_OVERFLOW (CWE-190):
samba-4.20.0rc2/source4/dsdb/schema/schema_query.c:403: tainted_data_argument: The check ""i < new_len"" contains the tainted expression ""i"" which causes ""new_len"" to be considered tainted.
samba-4.20.0rc2/source4/dsdb/schema/schema_query.c:407: overflow: The expression ""new_len - i"" is deemed underflowed because at least one of its arguments has underflowed.
samba-4.20.0rc2/source4/dsdb/schema/schema_query.c:407: overflow: The expression ""(new_len - i) * 8UL"" is deemed underflowed because at least one of its arguments has underflowed.
samba-4.20.0rc2/source4/dsdb/schema/schema_query.c:407: overflow_sink: ""(new_len - i) * 8UL"", which might have underflowed, is passed to ""memmove(val1, val2, (new_len - i) * 8UL)"". [Note: The source code implementation of the function has been overridden by a builtin model.]
  405|   			const char **val2 = &attr_list[i];
  406|   			if (ldb_attr_cmp(*val1, *val2) == 0) {
  407|-> 				memmove(val1, val2, (new_len - i) * sizeof( *attr_list));
  408|   				attr_list[new_len-1] = NULL;
  409|   				new_len--;"

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
2024-06-24 06:14:36 +00:00
tests dsdb/schema/tests: let samba4.local.dsdb.syntax call the validate_dn() hook 2022-01-12 02:20:27 +00:00
dsdb_dn.c
prefixmap.h
schema_convert_to_ol.c s4:dsdb: Replace early ‘continue’ with ‘if’ statement (CID 1414738) 2023-10-13 02:18:31 +00:00
schema_description.c CVE-2023-0614 s4-dsdb: Treat confidential attributes as unindexed 2023-04-05 02:10:35 +00:00
schema_filtered.c Fix a comment typo copied around 2020-08-17 19:35:38 +00:00
schema_inferiors.c dsdb-schema: schema_fill_possible_inferiors() should rebuild everything 2013-05-23 20:25:59 +10:00
schema_info_attr.c s4:dsdb: Fix code spelling 2023-09-11 02:42:41 +00:00
schema_init.c CVE-2023-0614 s4-dsdb: Treat confidential attributes as unindexed 2023-04-05 02:10:35 +00:00
schema_prefixmap.c lib: relicense smb_strtoul(l) under LGPLv3 2020-08-03 22:21:02 +00:00
schema_query.c s4:dsdb: Avoid possible underflows with new_len 2024-06-24 06:14:36 +00:00
schema_set.c dsdb:schema: use NUMERIC_CMP in place of uint32_cmp 2024-04-23 01:33:29 +00:00
schema_syntax.c s4:dsdb: Remove unnecessary casts 2023-08-14 04:57:34 +00:00
schema.h s4:dsdb/schema: Add dsdb_attribute_by_cn_ldb_val() 2023-03-31 08:29:32 +00:00