git.samba.org
/
nivanova
/
samba-autobuild
/
.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
1bc787d
)
gensec: Add parinoia about integer wrapping
author
Andrew Bartlett
<abartlet@samba.org>
Sat, 22 Oct 2011 00:48:30 +0000
(11:48 +1100)
committer
Andrew Bartlett
<abartlet@samba.org>
Fri, 28 Oct 2011 11:10:28 +0000
(13:10 +0200)
auth/ntlmssp/ntlmssp_sign.c
patch
|
blob
|
history
diff --git
a/auth/ntlmssp/ntlmssp_sign.c
b/auth/ntlmssp/ntlmssp_sign.c
index a5c57d8423f43553ef3a34fad71ae745944e5a49..4d07a81e44b3733b4fed8c81dd993d7cc0ae273c 100644
(file)
--- a/
auth/ntlmssp/ntlmssp_sign.c
+++ b/
auth/ntlmssp/ntlmssp_sign.c
@@
-402,6
+402,10
@@
NTSTATUS ntlmssp_wrap(struct ntlmssp_state *ntlmssp_state,
DATA_BLOB sig;
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) {
DATA_BLOB sig;
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL) {
+ if (in->length + NTLMSSP_SIG_SIZE < in->length) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
*out = data_blob_talloc(out_mem_ctx, NULL, in->length + NTLMSSP_SIG_SIZE);
if (!out->data) {
return NT_STATUS_NO_MEMORY;
*out = data_blob_talloc(out_mem_ctx, NULL, in->length + NTLMSSP_SIG_SIZE);
if (!out->data) {
return NT_STATUS_NO_MEMORY;
@@
-422,6
+426,9
@@
NTSTATUS ntlmssp_wrap(struct ntlmssp_state *ntlmssp_state,
return nt_status;
} else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN) {
return nt_status;
} else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SIGN) {
+ if (in->length + NTLMSSP_SIG_SIZE < in->length) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
*out = data_blob_talloc(out_mem_ctx, NULL, in->length + NTLMSSP_SIG_SIZE);
if (!out->data) {
*out = data_blob_talloc(out_mem_ctx, NULL, in->length + NTLMSSP_SIG_SIZE);
if (!out->data) {