svn commit: samba r22059 - in branches: SAMBA_3_0/source/smbd
SAMBA_3_0_25/source/smbd
vlendec at samba.org
vlendec at samba.org
Tue Apr 3 14:16:57 GMT 2007
Author: vlendec
Date: 2007-04-03 14:16:56 +0000 (Tue, 03 Apr 2007)
New Revision: 22059
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=22059
Log:
Over-allocate by 100 bytes and zero them out for lanman.c.
Volker
Modified:
branches/SAMBA_3_0/source/smbd/ipc.c
branches/SAMBA_3_0_25/source/smbd/ipc.c
Changeset:
Modified: branches/SAMBA_3_0/source/smbd/ipc.c
===================================================================
--- branches/SAMBA_3_0/source/smbd/ipc.c 2007-04-03 13:30:43 UTC (rev 22058)
+++ branches/SAMBA_3_0/source/smbd/ipc.c 2007-04-03 14:16:56 UTC (rev 22059)
@@ -478,8 +478,8 @@
if (state->total_data) {
/* Can't use talloc here, the core routines do realloc on the
- * params and data. */
- state->data = (char *)SMB_MALLOC(state->total_data);
+ * params and data. Out of paranoia, 100 bytes too many. */
+ state->data = (char *)SMB_MALLOC(state->total_data+100);
if (state->data == NULL) {
DEBUG(0,("reply_trans: data malloc fail for %u "
"bytes !\n", (unsigned int)state->total_data));
@@ -487,6 +487,8 @@
END_PROFILE(SMBtrans);
return(ERROR_DOS(ERRDOS,ERRnomem));
}
+ /* null-terminate the slack space */
+ memset(&state->data[state->total_data], 0, 100);
if ((dsoff+dscnt < dsoff) || (dsoff+dscnt < dscnt))
goto bad_param;
if ((smb_base(inbuf)+dsoff+dscnt > inbuf + size) ||
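Review bot: The 100-byte pad zeroed by `memset(&state->data[state->total_data], 0, 100);` is only guaranteed for this first allocation. The comment in the preceding hunk says the core routines realloc params and data, and a later realloc sized from the payload alone would drop the slack or leave it uninitialised; those routines are outside the diff, so this needs checking. The literal 100 is also repeated in the `SMB_MALLOC` call and the memset, so a single file-level constant used in both places, e.g. `#define TRANS_SLACK_BYTES 100` (name constructed for this note), would keep the two from drifting apart. The same applies to the param allocation and memset in the later hunks and to the identical SAMBA_3_0_25 section. The enclosing function starts and ends outside these hunks.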
@@ -498,8 +500,8 @@
if (state->total_param) {
/* Can't use talloc here, the core routines do realloc on the
- * params and data. */
- state->param = (char *)SMB_MALLOC(state->total_param);
+ * params and data. Out of paranoia, 100 bytes too many */
+ state->param = (char *)SMB_MALLOC(state->total_param+100);
if (state->param == NULL) {
DEBUG(0,("reply_trans: param malloc fail for %u "
"bytes !\n", (unsigned int)state->total_param));
@@ -508,6 +510,8 @@
END_PROFILE(SMBtrans);
return(ERROR_DOS(ERRDOS,ERRnomem));
}
+ /* null-terminate the slack space */
+ memset(&state->param[state->total_param], 0, 100);
if ((psoff+pscnt < psoff) || (psoff+pscnt < pscnt))
goto bad_param;
if ((smb_base(inbuf)+psoff+pscnt > inbuf + size) ||
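Review bot: The comment `/* null-terminate the slack space */` on this param memset, and the matching one on the data memset, does not say what the pad is for or where it stops helping. Going by the commit log, the consumers are the parsers in lanman.c, presumably string reads that can run past the client-supplied bytes. I would spell that out, e.g. `/* Zero 100 bytes past the client data so a string read in lanman.c that runs off the end stops at a NUL; reads beyond the pad are still out of bounds. */`. The pad limits the effect of an over-read but does not replace length checks in the consumers, which are not visible in this diff.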
Modified: branches/SAMBA_3_0_25/source/smbd/ipc.c
===================================================================
--- branches/SAMBA_3_0_25/source/smbd/ipc.c 2007-04-03 13:30:43 UTC (rev 22058)
+++ branches/SAMBA_3_0_25/source/smbd/ipc.c 2007-04-03 14:16:56 UTC (rev 22059)
@@ -478,8 +478,8 @@
if (state->total_data) {
/* Can't use talloc here, the core routines do realloc on the
- * params and data. */
- state->data = (char *)SMB_MALLOC(state->total_data);
+ * params and data. Out of paranoia, 100 bytes too many. */
+ state->data = (char *)SMB_MALLOC(state->total_data+100);
if (state->data == NULL) {
DEBUG(0,("reply_trans: data malloc fail for %u "
"bytes !\n", (unsigned int)state->total_data));
@@ -487,6 +487,8 @@
END_PROFILE(SMBtrans);
return(ERROR_DOS(ERRDOS,ERRnomem));
}
+ /* null-terminate the slack space */
+ memset(&state->data[state->total_data], 0, 100);
if ((dsoff+dscnt < dsoff) || (dsoff+dscnt < dscnt))
goto bad_param;
if ((smb_base(inbuf)+dsoff+dscnt > inbuf + size) ||
@@ -498,8 +500,8 @@
if (state->total_param) {
/* Can't use talloc here, the core routines do realloc on the
- * params and data. */
- state->param = (char *)SMB_MALLOC(state->total_param);
+ * params and data. Out of paranoia, 100 bytes too many */
+ state->param = (char *)SMB_MALLOC(state->total_param+100);
if (state->param == NULL) {
DEBUG(0,("reply_trans: param malloc fail for %u "
"bytes !\n", (unsigned int)state->total_param));
@@ -508,6 +510,8 @@
END_PROFILE(SMBtrans);
return(ERROR_DOS(ERRDOS,ERRnomem));
}
+ /* null-terminate the slack space */
+ memset(&state->param[state->total_param], 0, 100);
if ((psoff+pscnt < psoff) || (psoff+pscnt < pscnt))
goto bad_param;
if ((smb_base(inbuf)+psoff+pscnt > inbuf + size) ||