s3: Fix a crash in libsmbclient used against the OpenSolaris CIFS server

A user has sent me a sniff where the OpenSolaris CIFS server returns "32" in
totalentries, but the array in ctr only contains 15 entries. Look at the right
delimiter for walking the array.

Fix bug #7046 (libsmbclient crash against OpenSolaris CIFS server).
(cherry picked from commit 1d611028433db18e96d946b206a8eed1048f9b26)

diff --git a/source/libsmb/libsmb_dir.c b/source/libsmb/libsmb_dir.c
index b370f4b9938698d0cb061d37658bcf17b4d3efd9..845ee5ef656d8eaee4b8af08170087047520bcd6 100644 (file)
--- a/source/libsmb/libsmb_dir.c
+++ b/source/libsmb/libsmb_dir.c
@@ -303,7 +303,7 @@ net_share_enum_rpc(struct cli_state *cli,
         }
 
         /* For each returned entry... */
-        for (i = 0; i < total_entries; i++) {
+        for (i = 0; i < info_ctr.ctr.ctr1->count; i++) {
 
                 /* pull out the share name */
                fstrcpy(name, info_ctr.ctr.ctr1->array[i].name);