The Samba-Bugzilla – Attachment 17677 Details for
Bug 15260
int overflow in winbind_nss_aix
[patch]
Patch
15260.txt (text/plain), 1.11 KB, created by
Volker Lendecke
on 2022-12-06 14:09:11 UTC
>From d3f191b46b66dca93c71592959fbe1b43be3ab73 Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Tue, 6 Dec 2022 15:06:17 +0100 >Subject: [PATCH] nss_aix: Fix Bug 15260 int overflow in winbind_nss_aix > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=15260 >Signed-off-by: Volker Lendecke <vl@samba.org> >--- > nsswitch/winbind_nss_aix.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > >diff --git a/nsswitch/winbind_nss_aix.c b/nsswitch/winbind_nss_aix.c >index f1f00e92a76..3bba18c9b07 100644 >--- a/nsswitch/winbind_nss_aix.c >+++ b/nsswitch/winbind_nss_aix.c >@@ -357,7 +357,7 @@ static char *wb_aix_getgrset(char *user) > NSS_STATUS ret; > int i, idx; > char *tmpbuf; >- int num_gids; >+ size_t num_gids; > gid_t *gid_list; > char *r_user = user; > >@@ -385,6 +385,11 @@ static char *wb_aix_getgrset(char *user) > num_gids = response.data.num_entries; > gid_list = (gid_t *)response.extra_data.data; > >+ if (num_gids > SIZE_MAX/12) { >+ winbindd_free_response(&response); >+ return NULL; >+ } >+ > /* allocate a space large enough to contruct the string */ > tmpbuf = malloc(num_gids*12); > if (!tmpbuf) { >-- >2.30.2 >
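Review bot: in the first hunk (@@ -357,7 +357,7), the context line `int i, idx;` stays signed while `num_gids` becomes `size_t`. If `i` is the index used to walk `gid_list` (the loop is outside the visible hunks), its comparison against `num_gids` turns into a signed/unsigned comparison and `i` cannot represent counts above INT_MAX. Either change `i` and `idx` to `size_t` in the same patch or cap `num_gids` at INT_MAX in the new guard.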
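Review bot: in the second hunk (@@ -385,6 +385,11), the factor 12 now appears in both the new guard `num_gids > SIZE_MAX/12` and in `malloc(num_gids*12)` with no name or comment saying what it represents. Define one constant for the per-gid string width and use it in both places so the bound and the allocation cannot drift apart. The new early return also hands back NULL without setting errno; if the `if (!tmpbuf)` path just below sets one, use the same value here so callers see a consistent failure. Separately, the guard only bounds the multiplication: nothing in the visible lines checks that `response.extra_data.data` actually holds `num_gids` entries before `gid_list` is used, so it is worth confirming that is validated elsewhere.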