The branch, master has been updated
via 19cc587031d libndr: Add overflow check to ndr_push_subcontext_end()
from 95e1998a4a8 tests: Check symlinks are readable as reparse points
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 19cc587031d17c823718ad2074cc3a0161972224
Author: Volker Lendecke <[email protected]>
Date: Mon Nov 25 15:08:26 2024 +0100
libndr: Add overflow check to ndr_push_subcontext_end()
Signed-off-by: Volker Lendecke <[email protected]>
Reviewed-by: Stefan Metzmacher <[email protected]>
Autobuild-User(master): Volker Lendecke <[email protected]>
Autobuild-Date(master): Mon Nov 25 15:36:07 UTC 2024 on atb-devel-224
-----------------------------------------------------------------------
Summary of changes:
librpc/ndr/ndr.c | 8 ++++++++
1 file changed, 8 insertions(+)
Changeset truncated at 500 lines:
diff --git a/librpc/ndr/ndr.c b/librpc/ndr/ndr.c
index 24db73d5001..b48c798cd75 100644
--- a/librpc/ndr/ndr.c
+++ b/librpc/ndr/ndr.c
@@ -936,6 +936,14 @@ _PUBLIC_ enum ndr_err_code ndr_push_subcontext_end(struct
ndr_push *ndr,
break;
case 2:
+ if (subndr->offset > UINT16_MAX) {
+ return ndr_push_error(
+ ndr,
+ NDR_ERR_BUFSIZE,
+ "Subcontext (PUSH) too large: %" PRIu32
+ " does not fit into 16 bits",
+ subndr->offset);
+ }
NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, subndr->offset));
break;
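Review bot: The new `subndr->offset > UINT16_MAX` guard in `case 2` comes with no test, and the commit message is a subject line only. The diffstat lists just librpc/ndr/ndr.c, so nothing pins the boundary. I would add a push test for a subcontext with a 2-byte header that succeeds at an offset of exactly 65535 and returns NDR_ERR_BUFSIZE at 65536. I would also add a sentence to the commit message on what happened before the check: `ndr_push_uint16(ndr, NDR_SCALARS, subndr->offset)` was handed a value that does not fit into 16 bits, so the length written in the header could disagree with the payload that follows it. That tells anyone triaging backports why the change matters.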
--
Samba Shared Repository