libcli: Overflow array index read possible, in auth code.

The values have to be signed here to allow for the values to go negative,
to prevent the overflow.

Coverity-Id: 1167990
Signed-off-by: Ira Cooper <ira@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ira Cooper <ira@samba.org>
Autobuild-Date(master): Mon Feb 24 07:23:03 CET 2014 on sn-devel-104

diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index d73335da1d62906872189e163e18e642fed383ec..7e882552c94f629caaded512a228725d3c32514e 100644 (file)
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -1766,8 +1766,8 @@ struct tevent_req *netlogon_creds_cli_ServerPasswordSet_send(TALLOC_CTX *mem_ctx
 
        if (new_version != NULL) {
                struct NL_PASSWORD_VERSION version;
-               uint32_t len = IVAL(state->samr_crypt_password.data, 512);
-               uint32_t ofs = 512 - len;
+               int32_t len = IVAL(state->samr_crypt_password.data, 512);
+               int32_t ofs = 512 - len;
                uint8_t *p;
 
                if (ofs < 12) {