Author: jra Date: 2007-07-02 20:51:09 +0000 (Mon, 02 Jul 2007) New Revision: 23673
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=23673 Log: Check for integer wrap on incoming data. Jeremy. Modified: branches/SAMBA_3_0/source/lib/util_reg_api.c branches/SAMBA_3_0_26/source/lib/util_reg_api.c Changeset: Modified: branches/SAMBA_3_0/source/lib/util_reg_api.c =================================================================== --- branches/SAMBA_3_0/source/lib/util_reg_api.c 2007-07-02 09:46:18 UTC (rev 23672) +++ branches/SAMBA_3_0/source/lib/util_reg_api.c 2007-07-02 20:51:09 UTC (rev 23673) @@ -80,6 +80,12 @@ tmp[num_ucs2] = 0; } + if (length + 2 < length) { + /* Integer wrap. */ + err = WERR_INVALID_PARAM; + goto error; + } + value->v.sz.len = convert_string_talloc( value, CH_UTF16LE, CH_UNIX, tmp, length+2, &value->v.sz.str, False); Modified: branches/SAMBA_3_0_26/source/lib/util_reg_api.c =================================================================== --- branches/SAMBA_3_0_26/source/lib/util_reg_api.c 2007-07-02 09:46:18 UTC (rev 23672) +++ branches/SAMBA_3_0_26/source/lib/util_reg_api.c 2007-07-02 20:51:09 UTC (rev 23673) @@ -80,6 +80,12 @@ tmp[num_ucs2] = 0; } + if (length + 2 < length) { + /* Integer wrap. */ + err = WERR_INVALID_PARAM; + goto error; + } + value->v.sz.len = convert_string_talloc( value, CH_UTF16LE, CH_UNIX, tmp, length+2, &value->v.sz.str, False);
