git.samba.org - metze/samba/wip.git/commit

git.samba.org / metze / samba / wip.git / commit

author	Stefan Metzmacher <metze@samba.org>
	Tue, 24 Sep 2013 03:03:40 +0000 (05:03 +0200)
committer	Karolin Seeger <kseeger@samba.org>
	Mon, 9 Dec 2013 06:05:45 +0000 (07:05 +0100)
commit	dfd4fc1591f17998bf7b6a867900ed6f1b35ca7c
tree	4c4fc4efb2c68ecdafd592d3872265bac4c37092	tree
parent	2fb570abec6d07cee61332cf518703060514d3a0	commit \| diff

CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_next_vector()

We should do this explicit instead of relying on
tstream_readv_pdu_ask_for_next_vector() to catch the overflow.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

librpc/rpc/dcerpc_util.c

diff | blob | history

Work in progress branches

RSS Atom