creds: assert that credential read from file fits in data struct

author Luca Boccassi <luca.boccassi@microsoft.com>

Tue, 3 Aug 2021 13:53:31 +0000 (14:53 +0100)

committer Luca Boccassi <luca.boccassi@microsoft.com>

Tue, 3 Aug 2021 13:56:28 +0000 (14:56 +0100)
author Luca Boccassi <luca.boccassi@microsoft.com>
Tue, 3 Aug 2021 13:53:31 +0000 (14:53 +0100)
committer Luca Boccassi <luca.boccassi@microsoft.com>
Tue, 3 Aug 2021 13:56:28 +0000 (14:56 +0100)
diff --git a/src/shared/creds-util.c b/src/shared/creds-util.c

index ee279e0c9c1aebdddaca9547c1fd0ba48659c81c..3bc5fbef51268b3e379f471c4015a451a5bb5ec1 100644 (file)
--- a/src/shared/creds-util.c
+++ b/src/shared/creds-util.c
@@ -299,6 +299,8 @@ int get_credential_host_secret(CredentialSecretFlags flags, void **ret, size_t *
                          if (ret) {
                                  void *copy;
  
+                                assert(sz <= sizeof(f->data)); /* Ensure we don't read past f->data bounds */
+
                                  copy = memdup(f->data, sz);
                                  if (!copy)
                                          return -ENOMEM;
author	Luca Boccassi <luca.boccassi@microsoft.com>
	Tue, 3 Aug 2021 13:53:31 +0000 (14:53 +0100)
committer	Luca Boccassi <luca.boccassi@microsoft.com>
	Tue, 3 Aug 2021 13:56:28 +0000 (14:56 +0100)