git.samba.org / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6801e3b)
s3: Fix an uninitialized variable read
authorVolker Lendecke <vl@samba.org>
Sun, 14 Mar 2010 20:18:34 +0000 (21:18 +0100)
committerKarolin Seeger <kseeger@samba.org>
Thu, 6 May 2010 12:08:33 +0000 (14:08 +0200)
Found by Laurent Gaffie <laurent.gaffie@gmail.com>

Thanks for that,

Volker

Fix bug #7254 (An uninitialized variable read could cause an smbd crash).
(cherry picked from commit 9280051bfba337458722fb157f3082f93cbd9f2b)
(cherry picked from commit 3373b973ef892f013dbf6a1df805de158c0ff4e2)

source3/smbd/sesssetup.c patch | blob | history

diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 044e3988af3d8916e383c928da488a0932e57cc5..2a30a789f4046936e4b63b498d8291ba3b9df29d 100644 (file)
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -1184,7 +1184,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
        file_save("negotiate.dat", blob1.data, blob1.length);
 #endif
 
-       p2 = (char *)req->buf + data_blob_len;
+       p2 = (char *)req->buf + blob1.length;
 
        p2 += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p2,
                                     STR_TERMINATE);
Samba Shared Repository