rpc_server: Fix CID 1311341 Integer handling issues (OVERFLOW_BEFORE_WIDEN)

Quoting the full message: Potentially overflowing expression "total_octets * 8U" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "uint64_t" (64 bits, unsigned). Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
author: Volker Lendecke <vl@samba.org> 2015-07-09 19:27:41 +0200
committer: Ralph Böhme <slow@samba.org> 2015-07-09 21:59:20 +0200
commit: fc372110c20c7a3e64684432a342c519aa92e0fc (patch)
tree: 26499f38282f60128a4efad111fd6babcad026f9 /source3
parent: 3387969a1f0a7411b6c490f330a171c09cb8e179 (diff)
download: samba-fc372110c20c7a3e64684432a342c519aa92e0fc.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/source3/rpc_server/mdssvc/marshalling.c b/source3/rpc_server/mdssvc/marshalling.c
index a16966f3a3f..0a02f418722 100644
--- a/source3/rpc_server/mdssvc/marshalling.c
+++ b/source3/rpc_server/mdssvc/marshalling.c
@@ -1304,8 +1304,8 @@ bool sl_unpack(DALLOC_CTX *query, const char *buf, size_t bufsize)
 	}
 	total_octets--;
 	data_octets--;
-	data_bytes = data_octets * 8;
-	total_bytes = total_octets * 8;
+	data_bytes = ((uint64_t)data_octets) * 8;
+	total_bytes = ((uint64_t)total_octets) * 8;
 
 	if (data_bytes >= total_bytes) {
 		DEBUG(1,("%s: data_bytes: %" PRIu64 ", total_bytes: %" PRIu64 "\n",
author	Volker Lendecke <vl@samba.org>	2015-07-09 19:27:41 +0200
committer	Ralph Böhme <slow@samba.org>	2015-07-09 21:59:20 +0200
commit	fc372110c20c7a3e64684432a342c519aa92e0fc (patch)
tree	26499f38282f60128a4efad111fd6babcad026f9 /source3
parent	3387969a1f0a7411b6c490f330a171c09cb8e179 (diff)
download	samba-fc372110c20c7a3e64684432a342c519aa92e0fc.tar.gz