lib:ldb: Add missing overflow check in ldb_msg_normalize()
Error: INTEGER_OVERFLOW (CWE-190):
ldb-2.9.0/common/ldb_msg.c:1235: tainted_data_argument: The check "i < msg2->num_elements" contains the tainted expression "i" which causes "msg2->num_elements" to be considered tainted.
ldb-2.9.0/common/ldb_msg.c:1253: overflow: The expression "msg2->num_elements - (i + 1U)" is deemed underflowed because at least one of its arguments has underflowed.
ldb-2.9.0/common/ldb_msg.c:1253: overflow: The expression "32UL * (msg2->num_elements - (i + 1U))" is deemed underflowed because at least one of its arguments has underflowed.
ldb-2.9.0/common/ldb_msg.c:1253: overflow_sink: "32UL * (msg2->num_elements - (i + 1U))", which might have underflowed, is passed to "memmove(el2, el2 + 1, 32UL * (msg2->num_elements - (i + 1U)))". [Note: The source code implementation of the function has been overridden by a builtin model.]
1251| talloc_free(discard_const_p(char, el2->name));
1252| if ((i+1) < msg2->num_elements) {
1253|-> memmove(el2, el2+1, sizeof(struct ldb_message_element) *
1254| (msg2->num_elements - (i+1)));
1255| }
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>