Fix packet size calculation in sss_packet_new

Use division instead of modulo while rounding the created packet size up to a multiple of SSSSRV_PACKET_MEM_SIZE in sss_packet_new. This fixes potentially packet buffer overflows with certain body sizes. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
author: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> 2016-07-07 12:48:42 +0300
committer: Lukas Slebodnik <lslebodn@redhat.com> 2016-07-07 12:52:01 +0200
commit: 740bfe1a5bf519de8e13bdce5c4143b0f24d7433 (patch)
tree: 0d49860a3f1d213e312bb0a4d53ff44d251fa6e4 /src/responder/common
parent: 78027feeb56d6fe216f699be86a4716aaef3f628 (diff)
download: sssd-740bfe1a5bf519de8e13bdce5c4143b0f24d7433.tar.gz
sssd-740bfe1a5bf519de8e13bdce5c4143b0f24d7433.tar.xz
sssd-740bfe1a5bf519de8e13bdce5c4143b0f24d7433.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/responder/common/responder_packet.c b/src/responder/common/responder_packet.c
index 1a201c15c..4f5e11083 100644
--- a/src/responder/common/responder_packet.c
+++ b/src/responder/common/responder_packet.c
@@ -75,7 +75,7 @@ int sss_packet_new(TALLOC_CTX *mem_ctx, size_t size,
     if (!packet) return ENOMEM;
 
     if (size) {
-        int n = (size + SSS_NSS_HEADER_SIZE) % SSSSRV_PACKET_MEM_SIZE;
+        int n = (size + SSS_NSS_HEADER_SIZE) / SSSSRV_PACKET_MEM_SIZE;
         packet->memsize = (n + 1) * SSSSRV_PACKET_MEM_SIZE;
     } else {
         packet->memsize = SSSSRV_PACKET_MEM_SIZE;
author	Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>	2016-07-07 12:48:42 +0300
committer	Lukas Slebodnik <lslebodn@redhat.com>	2016-07-07 12:52:01 +0200
commit	740bfe1a5bf519de8e13bdce5c4143b0f24d7433 (patch)
tree	0d49860a3f1d213e312bb0a4d53ff44d251fa6e4 /src/responder/common
parent	78027feeb56d6fe216f699be86a4716aaef3f628 (diff)
download	sssd-740bfe1a5bf519de8e13bdce5c4143b0f24d7433.tar.gz sssd-740bfe1a5bf519de8e13bdce5c4143b0f24d7433.tar.xz sssd-740bfe1a5bf519de8e13bdce5c4143b0f24d7433.zip