From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Mon, 30 Oct 2023 22:35:25 +0000 (+1300)
Subject: s3:utils: Avoid integer overflow (CID 1548343)
X-Git-Tag: talloc-2.4.2~877
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4feb76592b8f63cb2e91ebeb36212daa5bd088da;p=thirdparty%2Fsamba.git

s3:utils: Avoid integer overflow (CID 1548343)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source3/rpc_client/wsp_cli.c b/source3/rpc_client/wsp_cli.c
index 34eb1bc2696..0c6b53d0e17 100644
--- a/source3/rpc_client/wsp_cli.c
+++ b/source3/rpc_client/wsp_cli.c
@@ -1170,7 +1170,7 @@ static enum ndr_err_code process_columns(TALLOC_CTX *ctx,
 	enum ndr_err_code err  = NDR_ERR_SUCCESS;
 	struct ndr_pull *ndr_pull = NULL;
 	ndr_flags_type ndr_flags = NDR_SCALARS | NDR_BUFFERS;
-	uint64_t nrow_offset = nrow * bindingin->brow;
+	uint64_t nrow_offset = (uint64_t)nrow * bindingin->brow;
 
 	if (nrow_offset >= rows_buf->length) {
 		DBG_ERR("offset %"PRIu64" outside buffer range (buf len - %zu)\n",