From: Andreas Schneider Date: Fri, 21 Jun 2024 08:57:32 +0000 (+0200) Subject: s3:winbind: Fix integer type of len X-Git-Tag: tdb-1.4.11~238 X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=b11cf72c1be13b83fb9a3e8c852ba73ac3f7e9e2;p=thirdparty%2Fsamba.git s3:winbind: Fix integer type of len "Error: INTEGER_OVERFLOW (CWE-190): samba-4.20.0rc2/source3/winbindd/winbindd_cache.c:849: cast_overflow: Truncation due to cast operation on ""len"" from 32 to 8 bits. samba-4.20.0rc2/source3/winbindd/winbindd_cache.c:851: overflow_sink: ""len"", which might have overflowed, is passed to ""memcpy(centry->data + centry->ofs, s, len)"". [Note: The source code implementation of the function has been overridden by a builtin model.] 849| centry_put_uint8(centry, len); 850| centry_expand(centry, len); 851|-> memcpy(centry->data + centry->ofs, s, len); 852| centry->ofs += len; 853| }" Signed-off-by: Andreas Schneider Reviewed-by: Martin Schwenke --- diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c index 833862ab99e..0e426876582 100644 --- a/source3/winbindd/winbindd_cache.c +++ b/source3/winbindd/winbindd_cache.c @@ -834,7 +834,7 @@ static void centry_put_uint8(struct cache_entry *centry, uint8_t v) */ static void centry_put_string(struct cache_entry *centry, const char *s) { - int len; + size_t len; if (!s) { /* null strings are marked as len 0xFFFF */ @@ -845,7 +845,8 @@ static void centry_put_string(struct cache_entry *centry, const char *s) len = strlen(s); /* can't handle more than 254 char strings. Truncating is probably best */ if (len > 254) { - DBG_DEBUG("centry_put_string: truncating len (%d) to: 254\n", len); + DBG_DEBUG("centry_put_string: truncating len (%zu) to: 254\n", + len); len = 254; } centry_put_uint8(centry, len);