git.samba.org
/
kai
/
samba.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
6e29389
)
CVE-2013-4408:libcli/util: add some size verification to tstream_read_pdu_blob_done()
author
Stefan Metzmacher
<metze@samba.org>
Wed, 16 Oct 2013 12:17:49 +0000
(14:17 +0200)
committer
Karolin Seeger
<kseeger@samba.org>
Mon, 9 Dec 2013 06:05:46 +0000
(07:05 +0100)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
libcli/util/tstream.c
patch
|
blob
|
history
diff --git
a/libcli/util/tstream.c
b/libcli/util/tstream.c
index 12cef9b6ddd3d1dda87f868bfcfae336da29e123..dd830e2aa442d36afb2028599abebaa60a70c298 100644
(file)
--- a/
libcli/util/tstream.c
+++ b/
libcli/util/tstream.c
@@
-129,6
+129,11
@@
static void tstream_read_pdu_blob_done(struct tevent_req *subreq)
return;
}
+ if (new_buf_size <= old_buf_size) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_BUFFER_SIZE);
+ return;
+ }
+
buf = talloc_realloc(state, state->pdu_blob.data, uint8_t, new_buf_size);
if (tevent_req_nomem(buf, req)) {
return;