CVE-2013-4408:libcli/util: add some size verification to tstream_read_pdu_blob_done()

author Stefan Metzmacher <metze@samba.org>

Wed, 16 Oct 2013 12:17:49 +0000 (14:17 +0200)

committer Karolin Seeger <kseeger@samba.org>

Thu, 5 Dec 2013 10:11:52 +0000 (11:11 +0100)
author Stefan Metzmacher <metze@samba.org>
Wed, 16 Oct 2013 12:17:49 +0000 (14:17 +0200)
committer Karolin Seeger <kseeger@samba.org>
Thu, 5 Dec 2013 10:11:52 +0000 (11:11 +0100)
diff --git a/libcli/util/tstream.c b/libcli/util/tstream.c

index b287597c62c498c2a0d3f6608ff3d0d72cf95cd6..ff7f86498bc4f761edf6de3f540603721b46d280 100644 (file)
--- a/libcli/util/tstream.c
+++ b/libcli/util/tstream.c
@@ -129,6 +129,11 @@ static void tstream_read_pdu_blob_done(struct tevent_req *subreq)
                 return;
         }
  
+       if (new_buf_size <= old_buf_size) {
+               tevent_req_nterror(req, NT_STATUS_INVALID_BUFFER_SIZE);
+               return;
+       }
+
         buf = talloc_realloc(state, state->pdu_blob.data, uint8_t, new_buf_size);
         if (tevent_req_nomem(buf, req)) {
                 return;
author	Stefan Metzmacher <metze@samba.org>
	Wed, 16 Oct 2013 12:17:49 +0000 (14:17 +0200)
committer	Karolin Seeger <kseeger@samba.org>
	Thu, 5 Dec 2013 10:11:52 +0000 (11:11 +0100)