author | Sumit Bose <sbose@redhat.com> | 2010-12-06 21:18:50 +0100 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-01-11 12:25:02 -0500 |
commit | 9c0dba9a2928b4b262283ed957a55fa10d5b269f (patch) | |
tree | 5b190763128643b29a66e3411483421a15c4ba0c /src/util/util.h | |
parent | 8fa6093098d689334ed77e79b0dd91491de65ba4 (diff) | |
Validate user supplied size of data items
Specially crafted packets might lead to an integer overflow, after which
the parsing of the input buffer might not continue as expected. This issue
was identified by Sebastian Krahmer <krahmer@suse.de>.
Diffstat (limited to 'src/util/util.h')
-rw-r--r-- | src/util/util.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/util/util.h b/src/util/util.h
index e93f6f863..7c355500e 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -169,6 +169,11 @@ errno_t set_debug_file_from_fd(const int fd);
 #define OUT_OF_ID_RANGE(id, min, max) \
 (id == 0 || (min && (id < min)) || (max && (id > max)))
+#define SIZE_T_MAX ((size_t) -1)
+
+#define SIZE_T_OVERFLOW(current, add) \
+ (((size_t)(add)) > (SIZE_T_MAX - ((size_t)(current))))
+
 static inline void safealign_memcpy(void *dest, const void *src, size_t n, size_t *counter) { |
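Review bot: `SIZE_T_OVERFLOW` has no comment stating its contract, and that contract is narrower than the name suggests: it only reports that `current + add` would wrap around `size_t`, not that the sum stays inside the buffer being parsed. I would add above it `/* True if current + add would wrap around size_t. Does not check the result against the buffer length; callers must still do that. */`, since the callers are outside this diff and a reader may take the macro for a complete bounds check. The `(size_t)` casts also truncate any argument wider than `size_t` before the comparison, so a 64-bit length on a 32-bit build could pass unnoticed; that is worth a second sentence in the comment if such callers exist. Separately, `SIZE_T_MAX` is defined unconditionally although some platforms already provide it in `<limits.h>`; wrapping it in `#ifndef SIZE_T_MAX` / `#endif`, or using C99 `SIZE_MAX` from `<stdint.h>`, avoids a redefinition.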