git.samba.org
/
vlendec
/
samba-autobuild
/
.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
10d8831
)
libsmb: Add overflow protection to symlink_reparse_buffer_marshall()
author
Volker Lendecke
<vl@samba.org>
Thu, 11 Jun 2020 12:42:49 +0000
(14:42 +0200)
committer
Jeremy Allison
<jra@samba.org>
Mon, 15 Jun 2020 17:59:39 +0000
(17:59 +0000)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source3/libsmb/reparse_symlink.c
patch
|
blob
|
history
diff --git
a/source3/libsmb/reparse_symlink.c
b/source3/libsmb/reparse_symlink.c
index f981b5fcce7242743a35edbb93cd46d00e46d562..b0b51814a555ce6ea56cb2a611e3046b3bc34177 100644
(file)
--- a/
source3/libsmb/reparse_symlink.c
+++ b/
source3/libsmb/reparse_symlink.c
@@
-53,7
+53,15
@@
bool symlink_reparse_buffer_marshall(
&print_utf16, &print_len)) {
goto fail;
}
- dst_len = 20 + subst_len + print_len;
+
+ dst_len = subst_len + 20;
+ if (dst_len < 20) {
+ goto fail;
+ }
+ dst_len += print_len;
+ if (dst_len < print_len) {
+ goto fail;
+ }
dst = talloc_array(mem_ctx, uint8_t, dst_len);
if (dst == NULL) {
goto fail;