From 8b9b9869a29232cef90c445e71e4120f4f252d9f Mon Sep 17 00:00:00 2001
From: Pavel Březina <pbrezina@redhat.com>
Date: Thu, 22 Aug 2013 14:38:54 +0200
Subject: sss_packet_grow: correctly pad packet length to 512B

https://fedorahosted.org/sssd/ticket/2059

If len % SSSSRV_PACKET_MEM_SIZE == 0 or some low number,
we can end up with totlen < len and return EINVAL.

It also does not pad the length, but usually allocates
much more memory than is desired.

len = 1024
n = 1024 % 512 + 1 = 0 + 1 = 1
totlen = 1 * 512 = 512
=> totlen < len

len = 511
n = 511 % 512 + 1 = 511 + 1
totlen = 512 * 512 = 262144
totlen is way bigger than it was supposed to be
---
 src/responder/common/responder_packet.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/responder/common/responder_packet.c b/src/responder/common/responder_packet.c
index 5132d955b..6476bd6e5 100644
--- a/src/responder/common/responder_packet.c
+++ b/src/responder/common/responder_packet.c
@@ -105,7 +105,7 @@ int sss_packet_grow(struct sss_packet *packet, size_t size)
 
     /* make sure we do not overflow */
     if (totlen < len) {
-        int n = len % SSSSRV_PACKET_MEM_SIZE + 1;
+        int n = len / SSSSRV_PACKET_MEM_SIZE + 1;
         totlen += n * SSSSRV_PACKET_MEM_SIZE;
         if (totlen < len) {
             return EINVAL;
-- 
cgit