git.samba.org
/
samba.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
ba9728b
)
CVE-2013-4408:async_sock: add some overflow detection to read_packet_handler()
author
Stefan Metzmacher
<metze@samba.org>
Wed, 16 Oct 2013 12:17:49 +0000
(14:17 +0200)
committer
Karolin Seeger
<kseeger@samba.org>
Thu, 5 Dec 2013 10:11:52 +0000
(11:11 +0100)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
lib/async_req/async_sock.c
patch
|
blob
|
history
diff --git
a/lib/async_req/async_sock.c
b/lib/async_req/async_sock.c
index bb8518f94856ed57ab722894e0311c13f27a060a..03b0b338587819102d3ec3964c7afc94edd807d9 100644
(file)
--- a/
lib/async_req/async_sock.c
+++ b/
lib/async_req/async_sock.c
@@
-635,6
+635,11
@@
static void read_packet_handler(struct tevent_context *ev,
return;
}
+ if (total + more < total) {
+ tevent_req_error(req, EMSGSIZE);
+ return;
+ }
+
tmp = talloc_realloc(state, state->buf, uint8_t, total+more);
if (tevent_req_nomem(tmp, req)) {
return;