explicit null dereferenced in sss_nss_mc_get_record()

https://fedorahosted.org/sssd/ticket/1724
author: Pavel Březina <pbrezina@redhat.com> 2013-01-07 10:35:34 +0100
committer: Jakub Hrozek <jhrozek@redhat.com> 2013-01-07 17:29:46 +0100
commit: f73e8aa4b34d5be577ca7481e43b6fa87d6ed986 (patch)
tree: 676d6ec088b268f2855eaf883527b61748b726b9
parent: 09d04ff881cb9e51faff1139642793ae8c7459b3 (diff)
download: sssd-f73e8aa4b34d5be577ca7481e43b6fa87d6ed986.tar.gz
sssd-f73e8aa4b34d5be577ca7481e43b6fa87d6ed986.tar.xz
sssd-f73e8aa4b34d5be577ca7481e43b6fa87d6ed986.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/src/sss_client/nss_mc_common.c b/src/sss_client/nss_mc_common.c
index 59f5b257b..f777890ab 100644
--- a/src/sss_client/nss_mc_common.c
+++ b/src/sss_client/nss_mc_common.c
@@ -220,6 +220,11 @@ errno_t sss_nss_mc_get_record(struct sss_cli_mc_ctx *ctx,
             continue;
         }
 
+        if (!MC_CHECK_RECORD_LENGTH(ctx, rec)) {
+            /* record has invalid length */
+            return EINVAL;
+        }
+
         if (rec_len > buf_size) {
             free(copy_rec);
             copy_rec = malloc(rec_len);
author	Pavel Březina <pbrezina@redhat.com>	2013-01-07 10:35:34 +0100
committer	Jakub Hrozek <jhrozek@redhat.com>	2013-01-07 17:29:46 +0100
commit	f73e8aa4b34d5be577ca7481e43b6fa87d6ed986 (patch)
tree	676d6ec088b268f2855eaf883527b61748b726b9
parent	09d04ff881cb9e51faff1139642793ae8c7459b3 (diff)
download	sssd-f73e8aa4b34d5be577ca7481e43b6fa87d6ed986.tar.gz sssd-f73e8aa4b34d5be577ca7481e43b6fa87d6ed986.tar.xz sssd-f73e8aa4b34d5be577ca7481e43b6fa87d6ed986.zip