From cb2f9e4c355d70a50cdac75708da62d7d4ace0c4 Mon Sep 17 00:00:00 2001
From: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
Date: Thu, 7 Jul 2016 12:48:42 +0300
Subject: [PATCH 24/24] Fix packet size calculation in sss_packet_new
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Use division instead of modulo while rounding the created packet size up
to a multiple of SSSSRV_PACKET_MEM_SIZE in sss_packet_new. This fixes
potentially packet buffer overflows with certain body sizes.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 740bfe1a5bf519de8e13bdce5c4143b0f24d7433)
(cherry picked from commit 6d17ccbeef667d9151a2f1f67f3c2b38d0bf0a4c)
---
src/responder/common/responder_packet.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/responder/common/responder_packet.c b/src/responder/common/responder_packet.c
index 1a201c15c5acc0c045f71e15c578a5c039045d3d..4f5e110837eb76609d31a77c62a00e00530ffc90 100644
--- a/src/responder/common/responder_packet.c
+++ b/src/responder/common/responder_packet.c
@@ -75,7 +75,7 @@ int sss_packet_new(TALLOC_CTX *mem_ctx, size_t size,
if (!packet) return ENOMEM;
if (size) {
- int n = (size + SSS_NSS_HEADER_SIZE) % SSSSRV_PACKET_MEM_SIZE;
+ int n = (size + SSS_NSS_HEADER_SIZE) / SSSSRV_PACKET_MEM_SIZE;
packet->memsize = (n + 1) * SSSSRV_PACKET_MEM_SIZE;
} else {
packet->memsize = SSSSRV_PACKET_MEM_SIZE;
--
2.7.4
distrib
>
Mageia
>
6
>
armv7hl
>
media
>
core-updates-src
>
by-pkgid
>
288041718f979fdcacd1a648d9614dd8
>
files
>
28
