]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
projects / thirdparty / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e2a7496)
ndr:dnsp: avoid theoretical int overflow (CID 1609418)
authorDouglas Bagnall <douglas.bagnall@catalyst.net.nz>
Tue, 30 Jul 2024 22:41:54 +0000 (10:41 +1200)
committerDouglas Bagnall <dbagnall@samba.org>
Wed, 28 Aug 2024 04:24:39 +0000 (04:24 +0000)
Coverity points out that if the string is longer than INT_MAX, the int
will overflow and the cast to uint8_t will discard bits.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <josutton@catalyst.net.nz>
librpc/ndr/ndr_dnsp.c patch | blob | blame | history

diff --git a/librpc/ndr/ndr_dnsp.c b/librpc/ndr/ndr_dnsp.c
index b4cad86392d5a5dc6209bf8c892138b3c0054438..2f218edade4e681ea5f42c8ca8eca38c7741ac31 100644 (file)
--- a/librpc/ndr/ndr_dnsp.c
+++ b/librpc/ndr/ndr_dnsp.c
@@ -171,11 +171,12 @@ _PUBLIC_ enum ndr_err_code ndr_pull_dnsp_string(struct ndr_pull *ndr, ndr_flags_
 
 enum ndr_err_code ndr_push_dnsp_string(struct ndr_push *ndr, ndr_flags_type ndr_flags, const char *string)
 {
-       int total_len;
+       size_t total_len;
        total_len = strlen(string);
        if (total_len > 255) {
                return ndr_push_error(ndr, NDR_ERR_BUFSIZE,
-                                     "dns_name of length %d larger than 255", total_len);
+                                     "dns_name of length %zu larger than 255",
+                                     total_len);
        }
        NDR_CHECK(ndr_push_uint8(ndr, ndr_flags, (uint8_t)total_len));
        NDR_CHECK(ndr_push_bytes(ndr, (const uint8_t *)string, total_len));
Mirror of https://github.com/samba-team/samba.git