libndr: Early overflow detection

author Volker Lendecke <vl@samba.org>

Mon, 30 Sep 2024 13:45:16 +0000 (15:45 +0200)

committer Ralph Boehme <slow@samba.org>

Tue, 12 Nov 2024 12:09:34 +0000 (12:09 +0000)
author Volker Lendecke <vl@samba.org>
Mon, 30 Sep 2024 13:45:16 +0000 (15:45 +0200)
committer Ralph Boehme <slow@samba.org>
Tue, 12 Nov 2024 12:09:34 +0000 (12:09 +0000)
diff --git a/librpc/ndr/ndr.c b/librpc/ndr/ndr.c

index e96f50a3f2a9611e298014b118eee9203488536b..24db73d50010a5f33c9fac6da9b93773fa2cec62 100644 (file)
--- a/librpc/ndr/ndr.c
+++ b/librpc/ndr/ndr.c
@@ -2018,6 +2018,14 @@ _PUBLIC_ enum ndr_err_code ndr_pull_relative_ptr1(struct ndr_pull *ndr, const vo
  {
         enum ndr_err_code ret;
         rel_offset += ndr->relative_base_offset;
+       if (rel_offset < ndr->relative_base_offset) {
+               return ndr_pull_error(ndr,
+                                     NDR_ERR_INVALID_POINTER,
+                                     "Overflow rel_offset=%" PRIu32 " + "
+                                     "relative_base_offset=%" PRIu32,
+                                     rel_offset,
+                                     ndr->relative_base_offset);
+       }
         if (rel_offset > ndr->data_size) {
                 return ndr_pull_error(ndr, NDR_ERR_BUFSIZE,
                                       "ndr_pull_relative_ptr1 rel_offset(%"PRIu32") > ndr->data_size(%"PRIu32")",
author	Volker Lendecke <vl@samba.org>
	Mon, 30 Sep 2024 13:45:16 +0000 (15:45 +0200)
committer	Ralph Boehme <slow@samba.org>
	Tue, 12 Nov 2024 12:09:34 +0000 (12:09 +0000)