git.samba.org
/
samba.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
c22b34a
)
s3:smbd: do not access data behind req->buf+req->buflen in srvstr_pull_req_talloc()
author
Ralph Wuerthner
<ralph.wuerthner@de.ibm.com>
Thu, 4 Apr 2013 11:29:01 +0000
(13:29 +0200)
committer
Karolin Seeger
<kseeger@samba.org>
Wed, 17 Apr 2013 06:56:03 +0000
(08:56 +0200)
The last 3 patches address bug #9782 - Panic when running 'smbtorture smb.base'.
source3/smbd/reply.c
patch
|
blob
|
history
diff --git
a/source3/smbd/reply.c
b/source3/smbd/reply.c
index 3717f366ee8d89d84b53daa7711868a69df5c967..c815a5a9dd49fe0296a32e83b0480a54401fc025 100644
(file)
--- a/
source3/smbd/reply.c
+++ b/
source3/smbd/reply.c
@@
-346,8
+346,14
@@
size_t srvstr_get_path_req(TALLOC_CTX *mem_ctx, struct smb_request *req,
size_t srvstr_pull_req_talloc(TALLOC_CTX *ctx, struct smb_request *req,
char **dest, const char *src, int flags)
{
+ ssize_t bufrem = smbreq_bufrem(req, src);
+
+ if (bufrem < 0) {
+ return 0;
+ }
+
return pull_string_talloc(ctx, req->inbuf, req->flags2, dest, src,
-
smbreq_bufrem(req, src)
, flags);
+
bufrem
, flags);
}
/****************************************************************************