s3: avoid reading past the end of buffer in tdb_unpack 'f' if zero termination is...
authorGregor Beck <gbeck@sernet.de>
Tue, 5 Jul 2011 09:55:34 +0000 (11:55 +0200)
committerMichael Adam <obnox@samba.org>
Mon, 15 Aug 2011 15:44:36 +0000 (17:44 +0200)
Signed-off-by: Michael Adam <obnox@samba.org>
source3/lib/util_tdb.c

index 9bc19a0ee966d7b12e10591f5be66e31f24c3b83..84b62298b1775537d18be212042f84584b921052 100644 (file)
@@ -321,7 +321,7 @@ int tdb_unpack(const uint8 *buf, int bufsize, const char *fmt, ...)
                        break;
                case 'f': /* null-terminated string */
                        s = va_arg(ap,char *);
-                       len = strlen((const char *)buf) + 1;
+                       len = strnlen((const char *)buf, bufsize) + 1;
                        if (bufsize < len || len > sizeof(fstring))
                                goto no_space;
                        memcpy(s, buf, len);
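Review bot: `bufsize` is an `int` (see the signature in the hunk header) and is passed straight to `strnlen`, whose bound is a `size_t`, so a negative `bufsize` would convert to a very large limit and the scan could again run past the end of the buffer. Whether a negative value can reach the 'f' case is not visible in this hunk; if it can, guard before the call with `if (bufsize <= 0) goto no_space;`. The rejection of unterminated input is also implicit and deserves a comment above the `strnlen` line, for example `/* no NUL within bufsize: strnlen returns bufsize, so len > bufsize and we bail out below */`. The body of tdb_unpack starts and ends outside the hunk, so any other case there that measures a string in `buf` with an unbounded `strlen` would need the same bound.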