summaryrefslogtreecommitdiffstats
path: root/src/util
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2010-12-06 21:18:50 +0100
committerStephen Gallagher <sgallagh@redhat.com>2011-01-11 12:17:53 -0500
commitf15683b4b100351e24e305d25bd4785c79ac8f55 (patch)
treea131f7c73b3ea1248f51c2fab361f4baa13c54a3 /src/util
parente1522a568dac91499f5f2039ef978a0a4ceeb3b3 (diff)
downloadsssd-f15683b4b100351e24e305d25bd4785c79ac8f55.tar.gz
sssd-f15683b4b100351e24e305d25bd4785c79ac8f55.tar.xz
sssd-f15683b4b100351e24e305d25bd4785c79ac8f55.zip
Validate user supplied size of data items
Specially crafted packages might lead to an integer overflow and the parsing of the input buffer might not continue as expected. This issue was identified by Sebastian Krahmer <krahmer@suse.de>.
Diffstat (limited to 'src/util')
-rw-r--r--src/util/util.h5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/util/util.h b/src/util/util.h
index f1e11a847..ee2293472 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -171,6 +171,11 @@ errno_t set_debug_file_from_fd(const int fd);
#define OUT_OF_ID_RANGE(id, min, max) \
(id == 0 || (min && (id < min)) || (max && (id > max)))
+#define SIZE_T_MAX ((size_t) -1)
+
+#define SIZE_T_OVERFLOW(current, add) \
+ (((size_t)(add)) > (SIZE_T_MAX - ((size_t)(current))))
+
static inline void
safealign_memcpy(void *dest, const void *src, size_t n, size_t *counter)
{