Bug 11603 - Integer overflow during tdb operations
Summary: Integer overflow during tdb operations
Status: RESOLVED FIXED
Alias: None
Product: TDB
Classification: Unclassified
Component: libtdb (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-11-16 00:03 UTC by Andrew Bartlett
Modified: 2020-04-17 00:59 UTC (History)
4 users (show)

See Also:

Attachments
patch for master (4.22 KB, patch)
2015-11-16 00:04 UTC, Andrew Bartlett 		abartlet: review? (jra)
 Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Bartlett 2015-11-16 00:03:19 UTC 
While testing ldbsearch with american fuzzy lop, I found these integer overflows in TDB, showing up mostly as short records in the subsequent ldb_parse().  The attached patches appear to address those. 

Careful review by a TDB developer most welcome.

Not assigned to the TDB product because we don't have a 'core samba developers group' there.
Comment 1 Andrew Bartlett 2015-11-16 00:04:10 UTC 
Created attachment 11599 [details]
patch for master
Comment 10 Douglas Bagnall 2020-04-17 00:59:09 UTC 
fixed in dbd87b94aafcae214053116321497941bacc7cad (2015-12-18)