git.samba.org
/
samba.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(from parent 1:
127de4f
)
CVE-2013-4408:async_sock: add some overflow detection to read_packet_handler()
author
Stefan Metzmacher
<metze@samba.org>
Wed, 16 Oct 2013 12:17:49 +0000
(14:17 +0200)
committer
Karolin Seeger
<kseeger@samba.org>
Mon, 9 Dec 2013 06:05:45 +0000
(07:05 +0100)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
lib/async_req/async_sock.c
patch
|
blob
|
history
diff --git
a/lib/async_req/async_sock.c
b/lib/async_req/async_sock.c
index 59dde885921a93661fbac417a8860be90baecde1..74b2cb7baa803223ff14d8c01cf54c6c481b0d03 100644
(file)
--- a/
lib/async_req/async_sock.c
+++ b/
lib/async_req/async_sock.c
@@
-667,6
+667,11
@@
static void read_packet_handler(struct tevent_context *ev,
return;
}
+ if (total + more < total) {
+ tevent_req_error(req, EMSGSIZE);
+ return;
+ }
+
tmp = talloc_realloc(state, state->buf, uint8_t, total+more);
if (tevent_req_nomem(tmp, req)) {
return;