(Fixed) Final part of fix for bug #5953 - smbclient crashes: cli_list_new segmentatio...
authorKai Blin <kai@samba.org>
Tue, 16 Dec 2008 21:40:38 +0000 (13:40 -0800)
committerJeremy Allison <jra@samba.org>
Tue, 16 Dec 2008 21:40:38 +0000 (13:40 -0800)
source3/libsmb/clilist.c

index cebafc6919a0d522f38f6ca6a1704a4050746a30..1431b804b040e0258670f79e24a171b3635bbb08 100644 (file)
@@ -79,16 +79,17 @@ static size_t interpret_long_filename(TALLOC_CTX *ctx,
                        p += 27;
                        p += clistr_align_in(cli, p, 0);
 
-                       /* We can safely use +1 here (which is required by OS/2)
-                        * instead of +2 as the STR_TERMINATE flag below is
+                       /* We can safely use len here (which is required by OS/2)
+                        * and the NAS-BASIC server instead of +2 or +1 as the
+                        * STR_TERMINATE flag below is
                         * actually used as the length calculation.
-                        * The len+2 is merely an upper bound.
+                        * The len is merely an upper bound.
                         * Due to the explicit 2 byte null termination
                         * in cli_receive_trans/cli_receive_nt_trans
                         * we know this is safe. JRA + kukks
                         */
 
-                       if (p + len + 1 > pdata_end) {
+                       if (p + len > pdata_end) {
                                return pdata_end - base;
                        }
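Review bot: The new guard `if (p + len > pdata_end)` computes `p + len` before comparing, so a `len` large enough to push the pointer past the end of the reply buffer is undefined behaviour and can wrap, letting the test pass. `len` looks like a server-supplied length (its assignment is outside the hunk), so comparing lengths is safer: `if (p > pdata_end || len > (size_t)(pdata_end - p)) {`. The `p += 27` and `clistr_align_in` step above also advance `p` with no check against `pdata_end` visible here; that may be handled elsewhere, since interpret_long_filename starts and ends outside the hunk. With the +1 slack removed, the comment's "safe" claim rests entirely on the 2-byte termination added in cli_receive_trans/cli_receive_nt_trans, so I would add `/* Relies on the receive path appending 2 NUL bytes past pdata_end. */` to make that dependency explicit.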