From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Tue, 30 Jul 2024 22:41:54 +0000 (+1200)
Subject: ndr:dnsp: avoid theoretical int overflow (CID 1609418)
X-Git-Tag: tdb-1.4.13~1267
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e2174dde7465f14026bb55cc000665dde1baa0eb;p=thirdparty%2Fsamba.git

ndr:dnsp: avoid theoretical int overflow (CID 1609418)

Coverity points out that if the string is longer than INT_MAX, the int
will overflow and the cast to uint8_t will discard bits.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <josutton@catalyst.net.nz>
---

diff --git a/librpc/ndr/ndr_dnsp.c b/librpc/ndr/ndr_dnsp.c
index b4cad86392d..2f218edade4 100644
--- a/librpc/ndr/ndr_dnsp.c
+++ b/librpc/ndr/ndr_dnsp.c
@@ -171,11 +171,12 @@ _PUBLIC_ enum ndr_err_code ndr_pull_dnsp_string(struct ndr_pull *ndr, ndr_flags_
 
 enum ndr_err_code ndr_push_dnsp_string(struct ndr_push *ndr, ndr_flags_type ndr_flags, const char *string)
 {
-	int total_len;
+	size_t total_len;
 	total_len = strlen(string);
 	if (total_len > 255) {
 		return ndr_push_error(ndr, NDR_ERR_BUFSIZE,
-				      "dns_name of length %d larger than 255", total_len);
+				      "dns_name of length %zu larger than 255",
+				      total_len);
 	}
 	NDR_CHECK(ndr_push_uint8(ndr, ndr_flags, (uint8_t)total_len));
 	NDR_CHECK(ndr_push_bytes(ndr, (const uint8_t *)string, total_len));