[patch] bounds checking in send_file_readX
dhsatrov at linux.vnet.ibm.com
Sun Jul 8 22:36:42 GMT 2007
In send_file_readX(), if startpos > sbuf.st_size, then smb_maxcnt is set
to an invalid large value due to integer overflow.
As for me, this resulted in MS Word hanging while trying to save
a 1.5Mb document.
Introduced by the following patch:
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 326 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20070709/d462bf0d/samba3-ReadAndX-fix.bin
More information about the samba-technical