URL: https://github.com/SSSD/sssd/pull/5823 Author: alexey-tikhonov Title: #5823: krb5_child: fixed incorrect checks on length value Action: opened
PR body: """ It is safer to isolate the checked (unknown/untrusted) value on the left hand side in the conditions to avoid overflows/underflows. (addition to 9f0bffebd070115ab47a92eadc6890a721c7b78d) Resolves: https://github.com/SSSD/sssd/issues/2739 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5823/head:pr5823 git checkout pr5823
From 4b9d2383b36f6017a7c24ebb04a55f8560bca4de Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov <atikh...@redhat.com> Date: Tue, 12 Oct 2021 20:37:03 +0200 Subject: [PATCH] krb5_child: fixed incorrect checks on length value It is safer to isolate the checked (unknown/untrusted) value on the left hand side in the conditions to avoid overflows/underflows. (addition to 9f0bffebd070115ab47a92eadc6890a721c7b78d) Resolves: https://github.com/SSSD/sssd/issues/2739 --- src/providers/krb5/krb5_child.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index 70e93e3198..594c86bf61 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -2380,7 +2380,7 @@ static errno_t unpack_authtok(struct sss_auth_token *tok, SAFEALIGN_COPY_UINT32_CHECK(&auth_token_type, buf + *p, size, p); SAFEALIGN_COPY_UINT32_CHECK(&auth_token_length, buf + *p, size, p); - if ((*p + auth_token_length) > size) { + if (auth_token_length > (size - *p)) { return EINVAL; } switch (auth_token_type) {
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure