Ensure we don't return uninitialized memory in the pad bytes.
authorJeremy Allison <jra@samba.org>
Wed, 27 Mar 2013 00:07:55 +0000 (17:07 -0700)
committerKarolin Seeger <kseeger@samba.org>
Fri, 26 Apr 2013 07:25:03 +0000 (09:25 +0200)
Signed-off-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 79503841059e945e6b14fa8c92375041c5390764)

source3/smbd/trans2.c

index 87849f1066a15aac8bcb7d0bb0c29b2b0d58a34f..f88c9868c0d846f47939242ce4d12ebd4a9a972e 100644 (file)
@@ -432,6 +432,7 @@ static NTSTATUS fill_ea_chained_buffer(TALLOC_CTX *mem_ctx,
                size_t dos_namelen;
                fstring dos_ea_name;
                size_t this_size;
+               size_t pad = 0;
 
                if (last_start && store_data) {
                        SIVAL(last_start, 0, PTR_DIFF(p, last_start));
@@ -450,7 +451,7 @@ static NTSTATUS fill_ea_chained_buffer(TALLOC_CTX *mem_ctx,
                this_size = 0x08 + dos_namelen + 1 + ea_list->ea.value.length;
 
                if (ea_list->next) {
-                       size_t pad = 4 - (this_size % 4);
+                       pad = 4 - (this_size % 4);
                        this_size += pad;
                }
 
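Review bot: `pad = 4 - (this_size % 4);` yields 4 rather than 0 when `this_size` is already a multiple of 4, so an aligned entry that has a successor gets four extra bytes added to `this_size`. The commit carries this over unchanged from the removed declaration, and the memset added in the last hunk clears all `pad` bytes, so no uninitialized data is exposed; the cost is buffer space and a larger next-entry offset. If minimal padding is intended, `pad = (4 - (this_size % 4)) % 4;` gives 0 to 3. Whether any client depends on the current layout cannot be judged from this hunk, and the function body starts and ends outside it.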
@@ -466,6 +467,11 @@ static NTSTATUS fill_ea_chained_buffer(TALLOC_CTX *mem_ctx,
                        SSVAL(p, 0x06, ea_list->ea.value.length);
                        fstrcpy((char *)(p+0x08), dos_ea_name);
                        memcpy(p + 0x08 + dos_namelen + 1, ea_list->ea.value.data, ea_list->ea.value.length);
+                       if (pad) {
+                               memset(p + 0x08 + dos_namelen + 1 + ea_list->ea.value.length,
+                                       '\0',
+                                       pad);
+                       }
                }
 
                total_data_size -= this_size;
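Review bot: The added `memset` has no comment saying why the padding must be cleared, and its destination repeats the `p + 0x08 + dos_namelen + 1` arithmetic of the `memcpy` above it, so the two expressions can drift apart in a later edit. I would put `/* Zero the alignment pad so stale buffer contents are never sent to the client. */` above `if (pad) {`, and consider holding the value offset in one local that both calls use. The pad bytes are already counted in `this_size`, so whatever size check guards these writes should cover the memset as well. That check and the buffer allocation are outside this hunk, so this is worth confirming against the full function.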