Validate user supplied size of data items

Specially crafted packages might lead to an integer overflow and the parsing of the input buffer might not continue as expected. This issue was identified by Sebastian Krahmer <krahmer@suse.de>.
author: Sumit Bose <sbose@redhat.com> 2010-12-06 21:18:50 +0100
committer: Stephen Gallagher <sgallagh@redhat.com> 2011-01-11 12:25:02 -0500
commit: 9c0dba9a2928b4b262283ed957a55fa10d5b269f (patch)
tree: 5b190763128643b29a66e3411483421a15c4ba0c /src/util/util.h
parent: 8fa6093098d689334ed77e79b0dd91491de65ba4 (diff)
download: sssd-9c0dba9a2928b4b262283ed957a55fa10d5b269f.tar.gz
sssd-9c0dba9a2928b4b262283ed957a55fa10d5b269f.tar.xz
sssd-9c0dba9a2928b4b262283ed957a55fa10d5b269f.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/src/util/util.h b/src/util/util.h
index e93f6f863..7c355500e 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -169,6 +169,11 @@ errno_t set_debug_file_from_fd(const int fd);
 #define OUT_OF_ID_RANGE(id, min, max) \
     (id == 0 || (min && (id < min)) || (max && (id > max)))
 
+#define SIZE_T_MAX ((size_t) -1)
+
+#define SIZE_T_OVERFLOW(current, add) \
+                        (((size_t)(add)) > (SIZE_T_MAX - ((size_t)(current))))
+
 static inline void
 safealign_memcpy(void *dest, const void *src, size_t n, size_t *counter)
 {
author	Sumit Bose <sbose@redhat.com>	2010-12-06 21:18:50 +0100
committer	Stephen Gallagher <sgallagh@redhat.com>	2011-01-11 12:25:02 -0500
commit	9c0dba9a2928b4b262283ed957a55fa10d5b269f (patch)
tree	5b190763128643b29a66e3411483421a15c4ba0c /src/util/util.h
parent	8fa6093098d689334ed77e79b0dd91491de65ba4 (diff)
download	sssd-9c0dba9a2928b4b262283ed957a55fa10d5b269f.tar.gz sssd-9c0dba9a2928b4b262283ed957a55fa10d5b269f.tar.xz sssd-9c0dba9a2928b4b262283ed957a55fa10d5b269f.zip