CVE-2013-4408:async_sock: add some overflow detection to read_packet_handler()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/lib/async_req/async_sock.c b/lib/async_req/async_sock.c
index 59dde885921a93661fbac417a8860be90baecde1..74b2cb7baa803223ff14d8c01cf54c6c481b0d03 100644 (file)
--- a/lib/async_req/async_sock.c
+++ b/lib/async_req/async_sock.c
@@ -667,6 +667,11 @@ static void read_packet_handler(struct tevent_context *ev,
                return;
        }
 
+       if (total + more < total) {
+               tevent_req_error(req, EMSGSIZE);
+               return;
+       }
+
        tmp = talloc_realloc(state, state->buf, uint8_t, total+more);
        if (tevent_req_nomem(tmp, req)) {
                return;