[SCM] Samba Shared Repository - branch v3-5-test updated

Wed, 10 Feb 2010 00:50:39 -0800 

The branch, v3-5-test has been updated
       via  60fed68... Missed one check on the memcpy for bug #7063.
       via  faf4f9c... Second part of fix for bug 7063 - Samba 3.4.5 on ubuntu 
8.04 64 bit - Core dumps.
      from  b78de63... s3-docs: Add missing para end tag.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -----------------------------------------------------------------
commit 60fed68259f430cbd67cd1f347cc3218e3c0ea35
Author: Jeremy Allison <[email protected]>
Date:   Tue Feb 9 14:56:12 2010 -0800

    Missed one check on the memcpy for bug #7063.
    
    Jeremy.

commit faf4f9cd5e3d948b93dc94b099e87eceec8a3909
Author: Jeremy Allison <[email protected]>
Date:   Tue Feb 9 14:48:15 2010 -0800

    Second part of fix for bug 7063 - Samba 3.4.5 on ubuntu 8.04 64 bit - Core 
dumps.
    
    Ensure we have no naked memcpy calls. This isn't a crash bug (it's
    already checked in the data_blob_talloc_zero() above, but I want to
    get into the pattern of having all memcpy's covered by safety checks.
    
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source3/rpc_server/srv_spoolss_nt.c |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/srv_spoolss_nt.c 
b/source3/rpc_server/srv_spoolss_nt.c
index 127c83b..30d3d87 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -9449,7 +9449,10 @@ WERROR _spoolss_XcvData(pipes_struct *p,
 
        *r->out.status_code = 0;
 
-       memcpy(r->out.out_data, out_data.data, out_data.length);
+       if (r->out.out_data && out_data.data && r->in.out_data_size && 
out_data.length) {
+               memcpy(r->out.out_data, out_data.data,
+                       MIN(r->in.out_data_size, out_data.length));
+       }
 
        return WERR_OK;
 }


-- 
Samba Shared Repository

Reply via email to