CVE-2013-4408:s3:util_tsock: add some overflow detection to tstream_read_packet_done()

author Stefan Metzmacher <metze@samba.org>

Wed, 16 Oct 2013 12:17:49 +0000 (14:17 +0200)

committer Karolin Seeger <kseeger@samba.org>

Thu, 5 Dec 2013 10:11:52 +0000 (11:11 +0100)
author Stefan Metzmacher <metze@samba.org>
Wed, 16 Oct 2013 12:17:49 +0000 (14:17 +0200)
committer Karolin Seeger <kseeger@samba.org>
Thu, 5 Dec 2013 10:11:52 +0000 (11:11 +0100)
diff --git a/source3/lib/util_tsock.c b/source3/lib/util_tsock.c

index 35a97f5e692c4e59f860b12cdc15a0df6348370b..03380ef244bb9dae9883769708cd3330424fb4bc 100644 (file)
--- a/source3/lib/util_tsock.c
+++ b/source3/lib/util_tsock.c
@@ -110,6 +110,11 @@ static void tstream_read_packet_done(struct tevent_req *subreq)
                 return;
         }
  
+       if (total + more < total) {
+               tevent_req_error(req, EMSGSIZE);
+               return;
+       }
+
         tmp = talloc_realloc(state, state->buf, uint8_t, total+more);
         if (tevent_req_nomem(tmp, req)) {
                 return;
author	Stefan Metzmacher <metze@samba.org>
	Wed, 16 Oct 2013 12:17:49 +0000 (14:17 +0200)
committer	Karolin Seeger <kseeger@samba.org>
	Thu, 5 Dec 2013 10:11:52 +0000 (11:11 +0100)