diff options
author | Pavel Březina <pbrezina@redhat.com> | 2013-08-22 14:38:54 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-09-03 16:23:33 +0200 |
commit | d8c060f039cf94f6059a0901d2b68d1ca403715a (patch) | |
tree | b36a40a3872d207d5566c37d02cb01d0dae4d2c0 /src/responder | |
parent | 5c0050453d152b49142188c3771f2ca3e4f5c6ab (diff) | |
download | sssd-d8c060f039cf94f6059a0901d2b68d1ca403715a.tar.gz sssd-d8c060f039cf94f6059a0901d2b68d1ca403715a.tar.xz sssd-d8c060f039cf94f6059a0901d2b68d1ca403715a.zip |
sss_packet_grow: correctly pad packet length to 512B
https://fedorahosted.org/sssd/ticket/2059
If len % SSSSRV_PACKET_MEM_SIZE == 0 or some low number,
we can end up with totlen < len and return EINVAL.
It also does not pad the length, but usually allocates
much more memory than is desired.
len = 1024
n = 1024 % 512 + 1 = 0 + 1 = 1
totlen = 1 * 512 = 512
=> totlen < len
len = 511
n = 511 % 512 + 1 = 511 + 1
totlen = 512 * 512 = 262144
totlen is way bigger than it was supposed to be
Diffstat (limited to 'src/responder')
-rw-r--r-- | src/responder/common/responder_packet.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/responder/common/responder_packet.c b/src/responder/common/responder_packet.c index 5132d955b..6476bd6e5 100644 --- a/src/responder/common/responder_packet.c +++ b/src/responder/common/responder_packet.c @@ -105,7 +105,7 @@ int sss_packet_grow(struct sss_packet *packet, size_t size) /* make sure we do not overflow */ if (totlen < len) { - int n = len % SSSSRV_PACKET_MEM_SIZE + 1; + int n = len / SSSSRV_PACKET_MEM_SIZE + 1; totlen += n * SSSSRV_PACKET_MEM_SIZE; if (totlen < len) { return EINVAL; |