diff options
author | Sumit Bose <sbose@redhat.com> | 2010-12-06 21:18:50 +0100 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-01-11 12:17:53 -0500 |
commit | f15683b4b100351e24e305d25bd4785c79ac8f55 (patch) | |
tree | a131f7c73b3ea1248f51c2fab361f4baa13c54a3 /src/util | |
parent | e1522a568dac91499f5f2039ef978a0a4ceeb3b3 (diff) | |
download | sssd-f15683b4b100351e24e305d25bd4785c79ac8f55.tar.gz sssd-f15683b4b100351e24e305d25bd4785c79ac8f55.tar.bz2 sssd-f15683b4b100351e24e305d25bd4785c79ac8f55.zip |
Validate user supplied size of data items
Specially crafted packages might lead to an integer overflow and the
parsing of the input buffer might not continue as expected. This issue
was identified by Sebastian Krahmer <krahmer@suse.de>.
Diffstat (limited to 'src/util')
-rw-r--r-- | src/util/util.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/util/util.h b/src/util/util.h index f1e11a84..ee229347 100644 --- a/src/util/util.h +++ b/src/util/util.h @@ -171,6 +171,11 @@ errno_t set_debug_file_from_fd(const int fd); #define OUT_OF_ID_RANGE(id, min, max) \ (id == 0 || (min && (id < min)) || (max && (id > max))) +#define SIZE_T_MAX ((size_t) -1) + +#define SIZE_T_OVERFLOW(current, add) \ + (((size_t)(add)) > (SIZE_T_MAX - ((size_t)(current)))) + static inline void safealign_memcpy(void *dest, const void *src, size_t n, size_t *counter) { |