The branch, master has been updated
       via  f173b4fd5f0 s3:smbd: Fix CID 1449599 replacing memcpy to memmove to 
avoid overflow
      from  f1a82801692 librpc:bcrypt_rsakey_blob: exponent and modulus lengths 
can't be zero

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit f173b4fd5f0be3cdc89e9807aa8a4b85fb0572cf
Author: Shweta Sodani <ssod...@redhat.com>
Date:   Fri Aug 1 11:45:52 2025 +0530

    s3:smbd: Fix CID 1449599 replacing memcpy to memmove to avoid overflow
    
    Here reply_smb1_outbuf is allocating the req->outbuf buffer, hence
    safest way to use is memmove that has a checks for overlap instead of
    memcpy.
    
    This fixes coverity issue#1449599
    
    Signed-off-by: Shweta Sodani <ssod...@redhat.com>
    Reviewed-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Anoop C S <anoo...@samba.org>
    Reviewed-by: Shwetha K Acharya <shwetha.k.acha...@ibm.com>
    
    Autobuild-User(master): Anoop C S <anoo...@samba.org>
    Autobuild-Date(master): Fri Aug  1 11:03:06 UTC 2025 on atb-devel-224

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/smb1_reply.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/smb1_reply.c b/source3/smbd/smb1_reply.c
index 83b754f9c77..aff33a3501c 100644
--- a/source3/smbd/smb1_reply.c
+++ b/source3/smbd/smb1_reply.c
@@ -3812,7 +3812,7 @@ void error_to_writebrawerr(struct smb_request *req)
 
        reply_smb1_outbuf(req, 1, 0);
 
-       memcpy(req->outbuf, old_outbuf, smb_size);
+       memmove(req->outbuf, old_outbuf, smb_size);
        TALLOC_FREE(old_outbuf);
 }
 


-- 
Samba Shared Repository

Reply via email to