52 lines
1.7 KiB
Diff
52 lines
1.7 KiB
Diff
From 82b07bd048e8039896be7edec6b83cbd6ff218d9 Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Tue, 30 Apr 2024 14:16:33 +0200
|
|
Subject: [PATCH] lib:tdb: Add missing overflow check for num_values in pytdb.c
|
|
|
|
Reference:https://github.com/samba-team/samba/commit/82b07bd048e8039896be7edec6b83cbd6ff218d9
|
|
Conflict:NA
|
|
|
|
Error: INTEGER_OVERFLOW (CWE-190):
|
|
tdb-1.4.10/pytdb.c:401: cast_overflow: Truncation due to cast operation on "num_values" from 64 to 32 bits.
|
|
tdb-1.4.10/pytdb.c:401: overflow_sink: "num_values", which might have overflowed, is passed to "tdb_storev(self->ctx, key, values, num_values, flag)".
|
|
399| }
|
|
400|
|
|
401|-> ret = tdb_storev(self->ctx, key, values, num_values, flag);
|
|
402| free(values);
|
|
403| PyErr_TDB_ERROR_IS_ERR_RAISE(ret, self->ctx);
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
---
|
|
pytdb.c | 6 +++++-
|
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/pytdb.c b/pytdb.c
|
|
index d47d933..4d0b9d4 100644
|
|
--- a/pytdb.c
|
|
+++ b/pytdb.c
|
|
@@ -407,6 +407,10 @@ static PyObject *obj_storev(PyTdbObject *self, PyObject *args)
|
|
PyErr_SetFromErrno(PyExc_OverflowError);
|
|
return NULL;
|
|
}
|
|
+ if (num_values > INT_MAX) {
|
|
+ PyErr_SetFromErrno(PyExc_OverflowError);
|
|
+ return NULL;
|
|
+ }
|
|
values = malloc(sizeof(TDB_DATA) * num_values);
|
|
if (values == NULL) {
|
|
PyErr_NoMemory();
|
|
@@ -422,7 +426,7 @@ static PyObject *obj_storev(PyTdbObject *self, PyObject *args)
|
|
values[i] = value;
|
|
}
|
|
|
|
- ret = tdb_storev(self->ctx, key, values, num_values, flag);
|
|
+ ret = tdb_storev(self->ctx, key, values, (int)num_values, flag);
|
|
free(values);
|
|
PyErr_TDB_ERROR_IS_ERR_RAISE(ret, self->ctx);
|
|
Py_RETURN_NONE;
|
|
--
|
|
2.33.0
|
|
|
|
|