summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2006-07-25 00:53:03 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:10:20 -0500
commitc047a88f41ffed47e2eb422f8efb594aae80d61e (patch)
tree322bca2016b644d5e91e7621925a6e47e840fb5a
parentd8f1e27b19fb37eda9849fe7ffac7be0e6246ccb (diff)
downloadsamba-c047a88f41ffed47e2eb422f8efb594aae80d61e.tar.gz
samba-c047a88f41ffed47e2eb422f8efb594aae80d61e.tar.bz2
samba-c047a88f41ffed47e2eb422f8efb594aae80d61e.zip
r17221: Add some integer wrap parinoia to data_blob_append().
Andrew Bartlett (This used to be commit 7c5a25a423da3db982396ac507df985fa934be73)
-rw-r--r--source4/lib/util/data_blob.c23
1 files changed, 18 insertions, 5 deletions
diff --git a/source4/lib/util/data_blob.c b/source4/lib/util/data_blob.c
index 118d78ca60..3253d52ee7 100644
--- a/source4/lib/util/data_blob.c
+++ b/source4/lib/util/data_blob.c
@@ -202,17 +202,30 @@ _PUBLIC_ NTSTATUS data_blob_realloc(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, size_t
return NT_STATUS_OK;
}
+
/**
append some data to a data blob
**/
_PUBLIC_ NTSTATUS data_blob_append(TALLOC_CTX *mem_ctx, DATA_BLOB *blob,
const void *p, size_t length)
{
- blob->data = talloc_realloc_size(mem_ctx, blob->data,
- blob->length + length);
- NT_STATUS_HAVE_NO_MEMORY(blob->data);
- memcpy(blob->data + blob->length, p, length);
- blob->length += length;
+ NTSTATUS status;
+ size_t old_len = blob->length;
+ size_t new_len = old_len + length;
+ if (new_len < length || new_len < old_len) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if ((const uint8_t *)p + length < (const uint8_t *)p) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = data_blob_realloc(mem_ctx, blob, new_len);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ memcpy(blob->data + old_len, p, length);
return NT_STATUS_OK;
}