This ensures we do not over-read the source buffer, but still NUL terminate.
This may be related to debuain bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808769
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
}
v.length = val.length;
- v.data = (uint8_t *)talloc_memdup(dn, val.data, v.length+1);
+
+ /*
+ * This is like talloc_memdup(dn, v.data, v.length + 1), but
+ * avoids the over-read
+ */
+ v.data = (uint8_t *)talloc_size(dn, v.length+1);
if ( ! v.data) {
talloc_free(n);
return LDB_ERR_OTHER;
}
+ memcpy(v.data, val.data, val.length);
+
+ /*
+ * Enforce NUL termination outside the stated length, as is
+ * traditional in LDB
+ */
+ v.data[v.length] = '\0';
talloc_free(dn->components[num].name);
talloc_free(dn->components[num].value.data);