CVE-2013-4408:async_sock: add some overflow detection to read_packet_handler()

author Stefan Metzmacher <metze@samba.org>

Wed, 16 Oct 2013 12:17:49 +0000 (14:17 +0200)

committer Karolin Seeger <kseeger@samba.org>

Thu, 5 Dec 2013 10:11:52 +0000 (11:11 +0100)
author Stefan Metzmacher <metze@samba.org>
Wed, 16 Oct 2013 12:17:49 +0000 (14:17 +0200)
committer Karolin Seeger <kseeger@samba.org>
Thu, 5 Dec 2013 10:11:52 +0000 (11:11 +0100)
diff --git a/lib/async_req/async_sock.c b/lib/async_req/async_sock.c

index bb8518f94856ed57ab722894e0311c13f27a060a..03b0b338587819102d3ec3964c7afc94edd807d9 100644 (file)
--- a/lib/async_req/async_sock.c
+++ b/lib/async_req/async_sock.c
@@ -635,6 +635,11 @@ static void read_packet_handler(struct tevent_context *ev,
                 return;
         }
  
+       if (total + more < total) {
+               tevent_req_error(req, EMSGSIZE);
+               return;
+       }
+
         tmp = talloc_realloc(state, state->buf, uint8_t, total+more);
         if (tevent_req_nomem(tmp, req)) {
                 return;
author	Stefan Metzmacher <metze@samba.org>
	Wed, 16 Oct 2013 12:17:49 +0000 (14:17 +0200)
committer	Karolin Seeger <kseeger@samba.org>
	Thu, 5 Dec 2013 10:11:52 +0000 (11:11 +0100)