[patch] bounds checking in send_file_readX

Dmitry Shatrov dhsatrov at linux.vnet.ibm.com
Sun Jul 8 22:36:42 GMT 2007

In send_file_readX(), if startpos > sbuf.st_size, then smb_maxcnt is set
to an invalid large value due to integer overflow.
As for me, this resulted in MS Word hanging while trying to save
a 1.5Mb document.

Introduced by the following patch: 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: samba3-ReadAndX-fix.diff
Type: text/x-patch
Size: 326 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20070709/d462bf0d/samba3-ReadAndX-fix.bin

More information about the samba-technical mailing list