From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Thu, 22 Aug 2024 22:14:04 +0000 (+1200)
Subject: ldb:dn_compare_base: avoid unlikely int overflow
X-Git-Tag: tdb-1.4.13~261
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d8b7712c53d52dbf3a16ca2ad8f9e3c994a0f72b;p=thirdparty%2Fsamba.git

ldb:dn_compare_base: avoid unlikely int overflow

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
---

diff --git a/lib/ldb/common/ldb_dn.c b/lib/ldb/common/ldb_dn.c
index 16de79db552..0af0d94826a 100644
--- a/lib/ldb/common/ldb_dn.c
+++ b/lib/ldb/common/ldb_dn.c
@@ -1062,13 +1062,15 @@ int ldb_dn_compare_base(struct ldb_dn *base, struct ldb_dn *dn)
 		if (base->linearized && dn->linearized && dn->special == base->special) {
 			/* try with a normal compare first, if we are lucky
 			 * we will avoid exploding and casefolding */
-			int dif;
-			dif = strlen(dn->linearized) - strlen(base->linearized);
-			if (dif < 0) {
-				return dif;
+			size_t len_dn = strlen(dn->linearized);
+			size_t len_base = strlen(base->linearized);
+
+			if (len_dn < len_base) {
+				return -1;
 			}
+
 			if (strcmp(base->linearized,
-				   &dn->linearized[dif]) == 0) {
+				   &dn->linearized[len_dn - len_base]) == 0) {
 				return 0;
 			}
 		}