From 3fb1634f21fdad145eb30d9387e7f8d48f1f7692 Mon Sep 17 00:00:00 2001
From: Wayne Davison <wayned@samba.org>
Date: Sat, 7 Oct 2017 17:54:03 -0700
Subject: [PATCH] Fix possible buffer overrun for some large name_len values.
 Fixes bug 12568.

---
 xattrs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xattrs.c b/xattrs.c
index 75b1c206..68305d75 100644
--- a/xattrs.c
+++ b/xattrs.c
@@ -817,7 +817,7 @@ void receive_xattr(int f, struct file_struct *file)
 		size_t dget_len = datum_len > MAX_FULL_DATUM ? 1 + MAX_DIGEST_LEN : datum_len;
 		size_t extra_len = MIGHT_NEED_RPRE ? RPRE_LEN : 0;
 		if ((dget_len + extra_len < dget_len)
-		 || (dget_len + extra_len + name_len < dget_len))
+		 || (dget_len + extra_len + name_len < dget_len + extra_len))
 			overflow_exit("receive_xattr");
 		ptr = new_array(char, dget_len + extra_len + name_len);
 		if (!ptr)
-- 
2.47.2