diff options
Diffstat (limited to 'src/providers/ldap')
-rw-r--r-- | src/providers/ldap/ldap_child.c | 6 | ||||
-rw-r--r-- | src/providers/ldap/sdap_child_helpers.c | 2 |
2 files changed, 4 insertions, 4 deletions
diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c index 191d5bc65..7ce8d4e6c 100644 --- a/src/providers/ldap/ldap_child.c +++ b/src/providers/ldap/ldap_child.c @@ -66,7 +66,7 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, DEBUG(SSSDBG_TRACE_LIBS, "realm_str size: %d\n", len); if (len) { - if ((p + len ) > size) return EINVAL; + if (len > size - p) return EINVAL; ibuf->realm_str = talloc_strndup(ibuf, (char *)(buf + p), len); DEBUG(SSSDBG_TRACE_LIBS, "got realm_str: %s\n", ibuf->realm_str); if (ibuf->realm_str == NULL) return ENOMEM; @@ -78,7 +78,7 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, DEBUG(SSSDBG_TRACE_LIBS, "princ_str size: %d\n", len); if (len) { - if ((p + len ) > size) return EINVAL; + if (len > size - p) return EINVAL; ibuf->princ_str = talloc_strndup(ibuf, (char *)(buf + p), len); DEBUG(SSSDBG_TRACE_LIBS, "got princ_str: %s\n", ibuf->princ_str); if (ibuf->princ_str == NULL) return ENOMEM; @@ -90,7 +90,7 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, DEBUG(SSSDBG_TRACE_LIBS, "keytab_name size: %d\n", len); if (len) { - if ((p + len ) > size) return EINVAL; + if (len > size - p) return EINVAL; ibuf->keytab_name = talloc_strndup(ibuf, (char *)(buf + p), len); DEBUG(SSSDBG_TRACE_LIBS, "got keytab_name: %s\n", ibuf->keytab_name); if (ibuf->keytab_name == NULL) return ENOMEM; diff --git a/src/providers/ldap/sdap_child_helpers.c b/src/providers/ldap/sdap_child_helpers.c index afe6351e9..90330f13f 100644 --- a/src/providers/ldap/sdap_child_helpers.c +++ b/src/providers/ldap/sdap_child_helpers.c @@ -222,7 +222,7 @@ static int parse_child_response(TALLOC_CTX *mem_ctx, /* ccache name size */ SAFEALIGN_COPY_UINT32_CHECK(&len, buf + p, size, &p); - if ((p + len ) > size) return EINVAL; + if (len > size - p) return EINVAL; ccn = talloc_size(mem_ctx, sizeof(char) * (len + 1)); if (ccn == NULL) { |