Skip to content

Commit

Permalink
lib/krb5: fix _krb5_get_int64 on 32-bit systems
Browse files Browse the repository at this point in the history 
On systems where 'unsigned long' is 32-bits and the 'size'
parameter is set to 8 and the bytes are:

  0x78 0x00 0x00 0x00 0x00 0x00 0x00 0x00

When 'i' becomes 4 'v' will be 0 again. As 'unsigned long' is only
able to hold 4 bytes.

Change the type of 'v' from 'unsigned long' to 'uint64_t' which
matches the type of the output parameter 'value'.

(cherry picked from commit 9d1bfab)

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
CVE: CVE-2022-42898
Samba-BUG: https://bugzilla.samba.org/show_bug.cgi?id=15203
  • Loading branch information
@metze-samba @jaltman
metze-samba authored and jaltman committed Nov 16, 2022
1 parent 3c9019d commit 5e2e89b
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion lib/krb5/store-int.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL
_krb5_get_int64(void *buffer, uint64_t *value, size_t size)
{
unsigned char *p = buffer;
unsigned long v = 0;
uint64_t v = 0;
size_t i;
for (i = 0; i < size; i++)
v = (v << 8) + p[i];
Expand Down

0 comments on commit 5e2e89b

Please sign in to comment.