off by -1 problem in trim_string
Ben Winslow
rain at bluecherry.net
Thu May 10 18:29:43 GMT 2001
trim_string() in lib/util_str.c seems to have a potential off by -1
problem that my config file tickled a few times. I've attached a patch
to fix the problem. Basically, in this code:
if ( back && back_len > 1 && s_len > back_len) {
char *bP = sP + s_len - back_len;
long b_len = s_len;
bP can be set to sP - 1 (sP being the start of s) if s_len = 1 and
back_len = 2 (which is what happened in my case). I didn't actually
track down the offending call to the function (I can if anyone cares),
but I suspect it was something in the config file parser.
Cheers.
--
I had a .sig once, but my cat ate it.
-------------- next part --------------
diff -ur samba-2.2.0.orig/source/lib/util_str.c samba-2.2.0/source/lib/util_str.c
--- samba-2.2.0.orig/source/lib/util_str.c Sun Apr 15 17:21:03 2001
+++ samba-2.2.0/source/lib/util_str.c Thu May 10 13:05:32 2001
@@ -589,7 +589,7 @@
* Kenichi Okuyama.
*/
- if ( back && back_len > 1 ) {
+ if ( back && back_len > 1 && s_len > back_len) {
char *bP = sP + s_len - back_len;
long b_len = s_len;
More information about the samba-technical
mailing list