s3:modules: Make nread a size_t and check for possible overflow
authorAndreas Schneider <asn@samba.org>
Mon, 8 Jul 2024 09:25:32 +0000 (11:25 +0200)
committerGünther Deschner <gd@samba.org>
Tue, 16 Jul 2024 11:41:33 +0000 (11:41 +0000)
"Error: INTEGER_OVERFLOW (CWE-190):
samba-4.20.0rc2/source3/modules/vfs_preopen.c:215: tainted_data_return: Called function ""read(sock_fd, namebuf + nread, talloc_get_size(namebuf) - nread)"", and a possible return value may be less than zero.
samba-4.20.0rc2/source3/modules/vfs_preopen.c:215: assign: Assigning: ""thistime"" = ""read(sock_fd, namebuf + nread, talloc_get_size(namebuf) - nread)"".
samba-4.20.0rc2/source3/modules/vfs_preopen.c:221: overflow: The expression ""nread"" is considered to have possibly overflowed.
samba-4.20.0rc2/source3/modules/vfs_preopen.c:215: overflow: The expression ""talloc_get_size(namebuf) - nread"" is deemed overflowed because at least one of its arguments has overflowed.
samba-4.20.0rc2/source3/modules/vfs_preopen.c:215: overflow_sink: ""talloc_get_size(namebuf) - nread"", which might have underflowed, is passed to ""read(sock_fd, namebuf + nread, talloc_get_size(namebuf) - nread)"". [Note: The source code implementation of the function has been overridden by a builtin model.]
  213|    ssize_t thistime;
  214|
  215|->  thistime = read(sock_fd, namebuf + nread,
  216|    talloc_get_size(namebuf) - nread);
  217|    if (thistime <= 0) {"

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
source3/modules/vfs_preopen.c

index 1e5715691920ed4c2dd91985ff59fa8b8d277262..aa37158cf20e52a733640deb913132dbce6ae83f 100644 (file)
@@ -203,13 +203,11 @@ static bool preopen_helper_open_one(int sock_fd, char **pnamebuf,
                                    size_t to_read, void *filebuf)
 {
        char *namebuf = *pnamebuf;
-       ssize_t nread;
+       size_t nread = 0;
        ssize_t chunk;
        char c = 0;
        int fd;
 
-       nread = 0;
-
        do {
                chunk = read(sock_fd, namebuf + nread,
                                talloc_get_size(namebuf) - nread);
@@ -217,6 +215,9 @@ static bool preopen_helper_open_one(int sock_fd, char **pnamebuf,
                        return false;
                }
 
+               if (nread + chunk < nread) {
+                       return false;
+               }
                nread += chunk;
 
                if (nread == talloc_get_size(namebuf)) {
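Review bot: The added guard `if (nread + chunk < nread)` only detects wraparound past SIZE_MAX, whereas the bound this loop depends on is that `nread` never exceeds `talloc_get_size(namebuf)`. Because `chunk` is an `ssize_t` that is implicitly converted to `size_t` in that expression, the test is only meaningful after the `chunk <= 0` early return, which appears to sit just above this hunk judging by the quoted Coverity trace. Comparing against the remaining space states the intent directly and keeps `namebuf + nread` inside the allocation on the next iteration: `if ((size_t)chunk > talloc_get_size(namebuf) - nread) { return false; }`. A one-line comment such as `/* chunk > 0 here; reject anything that would run past namebuf */` would also tell the next reader why the check exists. The loop body continues past the end of this hunk, so the later uses of `nread` are not visible here.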