s3: net: Harden guess_charset() against overflow errors.

[obnox/samba/samba-obnox.git] / source3 / registry / reg_parse.c

diff --git a/source3/registry/reg_parse.c b/source3/registry/reg_parse.c
index 81815a4fd98f7a4e23407a5c951010377f414ee6..3093e6acf76d178d0ca000813a477f5bb4801a7b 100644 (file)
--- a/source3/registry/reg_parse.c
+++ b/source3/registry/reg_parse.c
@@ -688,7 +688,15 @@ static bool guess_charset(const char** ptr,
        }
 
        if (srprs_bom(&pos, &charset, NULL)) {
-               *len -= (pos - *ptr);
+               size_t declen;
+               if (pos < *ptr) {
+                       return false;
+               }
+               declen = (pos - *ptr);
+               if (*len < declen) {
+                       return false;
+               }
+               *len -= declen;
                *ptr = pos;
                if (*file_enc == NULL) {
                        *file_enc = charset;