diff options
author | Volker Lendecke <vl@samba.org> | 2018-05-08 08:41:04 +0200 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2018-05-11 20:33:13 +0200 |
commit | e8a04f72a5a123d8837a945b464d2081238c8473 (patch) | |
tree | 4b1247f022997351863269b2aae1a1bc475d6ba1 | |
parent | 1766f77493c5a76e4d7d1e5eedcaa150cc9ea552 (diff) | |
download | samba-e8a04f72a5a123d8837a945b464d2081238c8473.tar.gz |
printing: Fix CID 1435452 (TAINTED_SCALAR)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
-rw-r--r-- | source3/printing/nt_printing.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index 395f7b87da6..1639bfd4406 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -390,6 +390,12 @@ static int handle_pe_file(files_struct *fsp, /* get the section table */ num_sections = SVAL(buf,PE_HEADER_NUMBER_OF_SECTIONS); + + if (num_sections >= (UINT_MAX / PE_HEADER_SECT_HEADER_SIZE)) { + /* Integer wrap. */ + goto out; + } + section_table_bytes = num_sections * PE_HEADER_SECT_HEADER_SIZE; if (section_table_bytes == 0) { goto out; |