From 538cbfe0e90b7c7ed0f8421b323cac4dacd83f04 Mon Sep 17 00:00:00 2001
From: Ira Cooper <ira@samba.org>
Date: Thu, 13 Feb 2014 14:45:23 -0500
Subject: libcli: Overflow array index read possible, in auth code.

The values have to be signed here to allow for the values to go negative,
to prevent the overflow.

Coverity-Id: 1167990
Signed-off-by: Ira Cooper <ira@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Ira Cooper <ira@samba.org>
Autobuild-Date(master): Mon Feb 24 07:23:03 CET 2014 on sn-devel-104
---
 libcli/auth/netlogon_creds_cli.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'libcli')

diff --git a/libcli/auth/netlogon_creds_cli.c b/libcli/auth/netlogon_creds_cli.c
index d73335da1d6..7e882552c94 100644
--- a/libcli/auth/netlogon_creds_cli.c
+++ b/libcli/auth/netlogon_creds_cli.c
@@ -1766,8 +1766,8 @@ struct tevent_req *netlogon_creds_cli_ServerPasswordSet_send(TALLOC_CTX *mem_ctx
 
 	if (new_version != NULL) {
 		struct NL_PASSWORD_VERSION version;
-		uint32_t len = IVAL(state->samr_crypt_password.data, 512);
-		uint32_t ofs = 512 - len;
+		int32_t len = IVAL(state->samr_crypt_password.data, 512);
+		int32_t ofs = 512 - len;
 		uint8_t *p;
 
 		if (ofs < 12) {
-- 
cgit