CVE-2013-4408:s3:ctdb_conn: add some length verification to ctdb_packet_more()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
author: Stefan Metzmacher <metze@samba.org> 2013-10-16 16:26:58 +0200
committer: Karolin Seeger <kseeger@samba.org> 2013-12-05 10:18:09 +0100
commit: da5dfc7617794e8ca1faaef73f5d78ea73dcfb90 (patch)
tree: f6a5a89ff6e412b841a483516ab762225c5024c9 /source3/lib
parent: bdb643e9cbd4df6c8d6868015d61441cb67dcd66 (diff)
download: samba-da5dfc7617794e8ca1faaef73f5d78ea73dcfb90.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/source3/lib/ctdb_conn.c b/source3/lib/ctdb_conn.c
index 90930eb86b..40071d4e5c 100644
--- a/source3/lib/ctdb_conn.c
+++ b/source3/lib/ctdb_conn.c
@@ -233,6 +233,11 @@ static ssize_t ctdb_packet_more(uint8_t *buf, size_t buflen, void *p)
 		return 0;
 	}
 	memcpy(&len, buf, sizeof(len));
+
+	if (len < sizeof(uint32_t)) {
+		return -1;
+	}
+
 	return (len - sizeof(uint32_t));
 }
author	Stefan Metzmacher <metze@samba.org>	2013-10-16 16:26:58 +0200
committer	Karolin Seeger <kseeger@samba.org>	2013-12-05 10:18:09 +0100
commit	da5dfc7617794e8ca1faaef73f5d78ea73dcfb90 (patch)
tree	f6a5a89ff6e412b841a483516ab762225c5024c9 /source3/lib
parent	bdb643e9cbd4df6c8d6868015d61441cb67dcd66 (diff)
download	samba-da5dfc7617794e8ca1faaef73f5d78ea73dcfb90.tar.gz