From: Volker Lendecke <vl@samba.org>
Date: Fri, 22 Jul 2016 14:12:25 +0000 (+0200)
Subject: tevent: Add overflow protection to tevent_req_create
X-Git-Tag: tdb-1.3.10~178
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0dd1c658c76ab24095ca591aa6e5a85ed59ff5f8;p=thirdparty%2Fsamba.git

tevent: Add overflow protection to tevent_req_create

This adds 40 bytes, but they are needed for correctness :-)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jul 22 23:33:57 CEST 2016 on sn-devel-144
---

diff --git a/lib/tevent/tevent_req.c b/lib/tevent/tevent_req.c
index fe613cc834c..e2b7104d16a 100644
--- a/lib/tevent/tevent_req.c
+++ b/lib/tevent/tevent_req.c
@@ -62,6 +62,13 @@ struct tevent_req *_tevent_req_create(TALLOC_CTX *mem_ctx,
 	struct tevent_req *req;
 	void **ppdata = (void **)pdata;
 	void *data;
+	size_t payload;
+
+	payload = sizeof(struct tevent_immediate) + data_size;
+	if (payload < sizeof(struct tevent_immediate)) {
+		/* overflow */
+		return NULL;
+	}
 
 	req = talloc_pooled_object(
 		mem_ctx, struct tevent_req, 2,