author | Volker Lendecke <vl@samba.org> | 2015-07-09 19:27:41 +0200 |
---|---|---|
committer | Ralph Böhme <slow@samba.org> | 2015-07-09 21:59:20 +0200 |
commit | fc372110c20c7a3e64684432a342c519aa92e0fc (patch) | |
tree | 26499f38282f60128a4efad111fd6babcad026f9 | |
parent | 3387969a1f0a7411b6c490f330a171c09cb8e179 (diff) | |
download | samba-fc372110c20c7a3e64684432a342c519aa92e0fc.tar.gz |
rpc_server: Fix CID 1311341 Integer handling issues (OVERFLOW_BEFORE_WIDEN)
Quoting the full message:
Potentially overflowing expression "total_octets * 8U" with type "unsigned int"
(32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a
context that expects an expression of type "uint64_t" (64 bits, unsigned).
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
-rw-r--r-- | source3/rpc_server/mdssvc/marshalling.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/source3/rpc_server/mdssvc/marshalling.c b/source3/rpc_server/mdssvc/marshalling.c index a16966f3a3f..0a02f418722 100644 --- a/source3/rpc_server/mdssvc/marshalling.c +++ b/source3/rpc_server/mdssvc/marshalling.c @@ -1304,8 +1304,8 @@ bool sl_unpack(DALLOC_CTX *query, const char *buf, size_t bufsize) } total_octets--; data_octets--; - data_bytes = data_octets * 8; - total_bytes = total_octets * 8; + data_bytes = ((uint64_t)data_octets) * 8; + total_bytes = ((uint64_t)total_octets) * 8; if (data_bytes >= total_bytes) { DEBUG(1,("%s: data_bytes: %" PRIu64 ", total_bytes: %" PRIu64 "\n", |
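Review bot: The `total_octets--` and `data_octets--` context lines just above the changed assignments still run at the narrower width, so the cast only protects the multiplication, not the decrement. If either count can reach this point as 0, it wraps to the maximum 32-bit value first, and the widened product is then a very large 64-bit byte count rather than a truncated one. The only check visible in this hunk is `data_bytes >= total_bytes`, which does not bound either value. Please confirm that the check closing just before the decrements rejects zero, and that `total_bytes` is compared against the `bufsize` argument of `sl_unpack()` before it is used as a length. As a minor style point, the outer parentheses in `((uint64_t)data_octets) * 8` are redundant, since the cast binds tighter than the multiplication.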