Bug 11603 - Integer overflow during tdb operations
Summary: Integer overflow during tdb operations
Alias: None
Product: TDB
Classification: Unclassified
Component: libtdb
Version: unspecified
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
Depends on:
Reported: 2015-11-16 00:03 UTC by Andrew Bartlett
Modified: 2020-04-17 00:59 UTC

See Also:

patch for master (4.22 KB, patch)
2015-11-16 00:04 UTC, Andrew Bartlett
abartlet: review? (jra)

Description Andrew Bartlett 2015-11-16 00:03:19 UTC
While testing ldbsearch with american fuzzy lop, I found these integer overflows in TDB, showing up mostly as short records in the subsequent ldb_parse(). The attached patches appear to address those.

Careful review by a TDB developer most welcome.

Not assigned to the TDB product because we don't have a 'core samba developers group' there.
Comment 1 Andrew Bartlett 2015-11-16 00:04:10 UTC
Created attachment 11599
patch for master
Comment 10 Douglas Bagnall 2020-04-17 00:59:09 UTC
fixed in dbd87b94aafcae214053116321497941bacc7cad (2015-12-18)