tdb: Do an overflow check

author Volker Lendecke <vl@samba.org>

Wed, 10 Aug 2016 08:49:04 +0000 (10:49 +0200)

committer Ralph Boehme <slow@samba.org>

Mon, 29 Aug 2016 17:03:26 +0000 (19:03 +0200)
author Volker Lendecke <vl@samba.org>
Wed, 10 Aug 2016 08:49:04 +0000 (10:49 +0200)
committer Ralph Boehme <slow@samba.org>
Mon, 29 Aug 2016 17:03:26 +0000 (19:03 +0200)
diff --git a/lib/tdb/common/tdb.c b/lib/tdb/common/tdb.c

index e75f50c249718bd71bb0e6145df881ee2c1b066e..b3dbc715153946b3f915572f52adfabab72a8d33 100644 (file)
--- a/lib/tdb/common/tdb.c
+++ b/lib/tdb/common/tdb.c
@@ -496,8 +496,15 @@ static int _tdb_store(struct tdb_context *tdb, TDB_DATA key,
  {
         struct tdb_record rec;
         tdb_off_t rec_ptr;
+       tdb_len_t rec_len;
         int ret = -1;
  
+       rec_len = key.dsize + dbuf.dsize;
+       if ((rec_len < key.dsize) || (rec_len < dbuf.dsize)) {
+               tdb->ecode = TDB_ERR_OOM;
+               goto fail;
+       }
+
         /* check for it existing, on insert. */
         if (flag == TDB_INSERT) {
                 if (tdb_exists_hash(tdb, key, hash)) {
@@ -526,7 +533,7 @@ static int _tdb_store(struct tdb_context *tdb, TDB_DATA key,
                 tdb_delete_hash(tdb, key, hash);
  
         /* we have to allocate some space */
-       rec_ptr = tdb_allocate(tdb, hash, key.dsize + dbuf.dsize, &rec);
+       rec_ptr = tdb_allocate(tdb, hash, rec_len, &rec);
  
         if (rec_ptr == 0) {
                 goto fail;
author	Volker Lendecke <vl@samba.org>
	Wed, 10 Aug 2016 08:49:04 +0000 (10:49 +0200)
committer	Ralph Boehme <slow@samba.org>
	Mon, 29 Aug 2016 17:03:26 +0000 (19:03 +0200)