The branch, master has been updated
via f173b4fd5f0 s3:smbd: Fix CID 1449599 replacing memcpy to memmove to
avoid overflow
from f1a82801692 librpc:bcrypt_rsakey_blob: exponent and modulus lengths
can't be zero
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit f173b4fd5f0be3cdc89e9807aa8a4b85fb0572cf
Author: Shweta Sodani <ssod...@redhat.com>
Date: Fri Aug 1 11:45:52 2025 +0530
s3:smbd: Fix CID 1449599 replacing memcpy to memmove to avoid overflow
Here reply_smb1_outbuf is allocating the req->outbuf buffer, hence
safest way to use is memmove that has a checks for overlap instead of
memcpy.
This fixes coverity issue#1449599
Signed-off-by: Shweta Sodani <ssod...@redhat.com>
Reviewed-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Anoop C S <anoo...@samba.org>
Reviewed-by: Shwetha K Acharya <shwetha.k.acha...@ibm.com>
Autobuild-User(master): Anoop C S <anoo...@samba.org>
Autobuild-Date(master): Fri Aug 1 11:03:06 UTC 2025 on atb-devel-224
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/smb1_reply.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/smb1_reply.c b/source3/smbd/smb1_reply.c
index 83b754f9c77..aff33a3501c 100644
--- a/source3/smbd/smb1_reply.c
+++ b/source3/smbd/smb1_reply.c
@@ -3812,7 +3812,7 @@ void error_to_writebrawerr(struct smb_request *req)
reply_smb1_outbuf(req, 1, 0);
- memcpy(req->outbuf, old_outbuf, smb_size);
+ memmove(req->outbuf, old_outbuf, smb_size);
TALLOC_FREE(old_outbuf);
}
--
Samba Shared Repository
