git.samba.org
/
kamenim
/
samba.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
711a30a
)
s3:rpc fix potential out of bound memory access
author
Simo Sorce
<ssorce@redhat.com>
Mon, 7 Jun 2010 19:07:38 +0000
(15:07 -0400)
committer
Simo Sorce
<ssorce@redhat.com>
Mon, 7 Jun 2010 21:25:47 +0000
(17:25 -0400)
memcpy copies memory unconditionally, we are passing "" in some cases here.
Use strncpy which will stop reading from src if the null byte is found and
will fill with nulls the destination.
source3/rpc_server/rpc_ncacn_np_internal.c
patch
|
blob
|
history
diff --git
a/source3/rpc_server/rpc_ncacn_np_internal.c
b/source3/rpc_server/rpc_ncacn_np_internal.c
index 6002489bd99c0361d913200f4dc5867adae069fb..f5a3737844dc87097a367e9f533132709674cab0 100644
(file)
--- a/
source3/rpc_server/rpc_ncacn_np_internal.c
+++ b/
source3/rpc_server/rpc_ncacn_np_internal.c
@@
-159,7
+159,7
@@
struct pipes_struct *make_internal_rpc_pipe_p(TALLOC_CTX *mem_ctx,
DLIST_ADD(InternalPipes, p);
-
mem
cpy(p->client_address, client_address, sizeof(p->client_address));
+
strl
cpy(p->client_address, client_address, sizeof(p->client_address));
p->endian = RPC_LITTLE_ENDIAN;