git.samba.org
/
metze
/
samba
/
wip.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
9e64c33
)
Second part of fix for bug 7063 - Samba 3.4.5 on ubuntu 8.04 64 bit - Core dumps.
author
Jeremy Allison
<jra@samba.org>
Tue, 9 Feb 2010 22:48:15 +0000
(14:48 -0800)
committer
Karolin Seeger
<kseeger@samba.org>
Wed, 10 Feb 2010 08:50:49 +0000
(09:50 +0100)
Ensure we have no naked memcpy calls. This isn't a crash bug (it's
already checked in the data_blob_talloc_zero() above, but I want to
get into the pattern of having all memcpy's covered by safety checks.
Jeremy.
source3/rpc_server/srv_spoolss_nt.c
patch
|
blob
|
history
diff --git
a/source3/rpc_server/srv_spoolss_nt.c
b/source3/rpc_server/srv_spoolss_nt.c
index c490a38a42fd9fc32f01869af8a266193ff95efe..7f7bba077d69fa2b4cc9666858897f412ff93923 100644
(file)
--- a/
source3/rpc_server/srv_spoolss_nt.c
+++ b/
source3/rpc_server/srv_spoolss_nt.c
@@
-9955,7
+9955,10
@@
WERROR _spoolss_XcvData(pipes_struct *p,
*r->out.status_code = 0;
*r->out.status_code = 0;
- memcpy(r->out.out_data, out_data.data, out_data.length);
+ if (r->out.out_data && r->in.out_data_size && out_data.length) {
+ memcpy(r->out.out_data, out_data.data,
+ MIN(r->in.out_data_size, out_data.length));
+ }
return WERR_OK;
}
return WERR_OK;
}