authorSimo Sorce <simo@redhat.com>2012-12-19 11:56:27 -0500
committerJakub Hrozek <jhrozek@redhat.com>2012-12-20 20:06:21 +0100
commitcf1a98235c38baeea639c2b738cc1135a1c8942c (patch)
treefd952d3ad26c9cafe251c3a09143f93ded3d1622 /src/responder
parent41147eeb43b50676ccccd1e7f5a9b20b8c19fdad (diff)
nss_mc: Add extra checks when dereferencing records
Although it should never happen that we pass in an invalid hash, it is always better to just not do anything than to access memory out of the hash table. It can lead to segfaults, or worse, referencing memory that should not be touched.
Diffstat (limited to 'src/responder')
-rw-r--r--src/responder/nss/nsssrv_mmap_cache.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/responder/nss/nsssrv_mmap_cache.c b/src/responder/nss/nsssrv_mmap_cache.c
index a352abf3d..8892368f1 100644
--- a/src/responder/nss/nsssrv_mmap_cache.c
+++ b/src/responder/nss/nsssrv_mmap_cache.c
@@ -106,6 +106,12 @@ static void sss_mc_add_rec_to_chain(struct sss_mc_ctx *mcc,
struct sss_mc_rec *cur;
uint32_t slot;
+ if (hash > mcc->ht_size) {
+ /* Invalid hash. This should never happen, but better
+ * return than trying to access out of bounds memory */
+ return;
+ }
+
slot = mcc->hash_table[hash];
if (slot == MC_INVALID_VAL) {
/* no previous record/collision, just add to hash table */
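Review bot: The new guard `if (hash > mcc->ht_size)` still lets `hash == mcc->ht_size` reach `mcc->hash_table[hash]`, which is one element past the end if ht_size counts entries; `if (hash >= mcc->ht_size) {` closes that gap. The same comparison is repeated in the sss_mc_rm_rec_from_chain hunk. The definition of ht_size is not visible here, so if it is a byte length rather than an entry count the limit must first be converted to a number of entries. The bare `return` also leaves no trace that an invalid hash was seen, so a debug log line before it would make cache corruption visible to operators. The function body continues outside the hunk.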
@@ -136,6 +142,12 @@ static void sss_mc_rm_rec_from_chain(struct sss_mc_ctx *mcc,
struct sss_mc_rec *cur = NULL;
uint32_t slot;
+ if (hash > mcc->ht_size) {
+ /* Invalid hash. This should never happen, but better
+ * return than trying to access out of bounds memory */
+ return;
+ }
+
slot = mcc->hash_table[hash];
cur = MC_SLOT_TO_PTR(mcc->data_table, slot, struct sss_mc_rec);
if (cur == rec) {
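Review bot: `slot` is read from the hash table and handed straight to `MC_SLOT_TO_PTR` with no validation, unlike the add path, which tests `slot == MC_INVALID_VAL` before using it. An empty bucket or a corrupted slot value would produce a pointer outside the data table. A guard such as `if (slot == MC_INVALID_VAL) return;` before the conversion would cover the empty case, and a comparison against the data table's slot count (not visible in this hunk) would cover corruption. Whether `cur` is dereferenced afterwards cannot be seen, because the function continues past the end of the hunk.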