The branch, v3-6-test has been updated
via b174e1b pdb: Fix array overrun by one. Reviewed-by: Alexander
Bokovoy <[email protected]>
from b76501d build/autoconf: put ld check variable in quotes
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit b174e1b496659c9e7a0fc70ad49ed0fc5906d252
Author: Andreas Schneider <[email protected]>
Date: Tue Feb 19 09:23:53 2013 +0100
pdb: Fix array overrun by one. Reviewed-by: Alexander Bokovoy
<[email protected]>
Signed-off-by: Andreas Schneider <[email protected]>
Fix bug #9686 - Fix a possible buffer overrun in pdb_smbpasswd.
-----------------------------------------------------------------------
Summary of changes:
source3/passdb/pdb_smbpasswd.c | 7 ++++---
1 files changed, 4 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index 43d6eaf..3d1c28c 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -736,7 +736,8 @@ static bool mod_smbfilepwd_entry(struct smbpasswd_privates
*smbpasswd_state, con
fstring user_name;
char *status;
- char linebuf[256];
+#define LINEBUF_SIZE 255
+ char linebuf[LINEBUF_SIZE + 1];
char readbuf[1024];
int c;
fstring ascii_p16;
@@ -791,7 +792,7 @@ static bool mod_smbfilepwd_entry(struct smbpasswd_privates
*smbpasswd_state, con
linebuf[0] = '\0';
- status = fgets(linebuf, sizeof(linebuf), fp);
+ status = fgets(linebuf, LINEBUF_SIZE, fp);
if (status == NULL && ferror(fp)) {
pw_file_unlock(lockfd,
&smbpasswd_state->pw_file_lock_depth);
fclose(fp);
@@ -1020,7 +1021,7 @@ This is no longer supported.!\n", pwd->smb_name));
dump_data(100, (uint8 *)ascii_p16, wr_len);
#endif
- if(wr_len > sizeof(linebuf)) {
+ if(wr_len > LINEBUF_SIZE) {
DEBUG(0, ("mod_smbfilepwd_entry: line to write (%d) is too
long.\n", wr_len+1));
pw_file_unlock(lockfd,&smbpasswd_state->pw_file_lock_depth);
fclose(fp);
--
Samba Shared Repository
