diff options
| author | Stefan Metzmacher <metze@samba.org> | 2013-10-16 14:17:49 +0200 |
|---|---|---|
| committer | Karolin Seeger <kseeger@samba.org> | 2013-12-09 07:05:45 +0100 |
| commit | 94b2641a530b3bd6bb67017c2a3c571f0ff41921 (patch) | |
| tree | 5e4be65c1bcd277aafacf4b1d296557f5c5dc815 /lib/async_req | |
| parent | 127de4f4ac06cd8d5226187bc0a5be34bedc5bf8 (diff) | |
| download | samba-94b2641a530b3bd6bb67017c2a3c571f0ff41921.tar.gz | |
CVE-2013-4408:async_sock: add some overflow detection to read_packet_handler()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'lib/async_req')
| -rw-r--r-- | lib/async_req/async_sock.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/async_req/async_sock.c b/lib/async_req/async_sock.c index 59dde885921..74b2cb7baa8 100644 --- a/lib/async_req/async_sock.c +++ b/lib/async_req/async_sock.c @@ -667,6 +667,11 @@ static void read_packet_handler(struct tevent_context *ev, return; } + if (total + more < total) { + tevent_req_error(req, EMSGSIZE); + return; + } + tmp = talloc_realloc(state, state->buf, uint8_t, total+more); if (tevent_req_nomem(tmp, req)) { return; |