[PATCH] smbd: Fix memory overwrites

Volker Lendecke Volker.Lendecke at SerNet.DE
Fri Feb 7 09:09:52 MST 2014


Hi!

Attached find a patch that fixes a memory overwrite from the
investigations in bug 10415.

Review & push would be appreciated.

Thanks,

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From 5af5775100db93eecb5e7fabde89c7bf04fdeb01 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 7 Feb 2014 16:37:38 +0100
Subject: [PATCH] smbd: Fix memory overwrites

SIVAL writes 32 bit, not 16

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source3/smbd/smb2_ioctl_network_fs.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source3/smbd/smb2_ioctl_network_fs.c b/source3/smbd/smb2_ioctl_network_fs.c
index 986e97d..11843a4 100644
--- a/source3/smbd/smb2_ioctl_network_fs.c
+++ b/source3/smbd/smb2_ioctl_network_fs.c
@@ -423,8 +423,8 @@ static NTSTATUS fsctl_validate_neg_info(TALLOC_CTX *mem_ctx,
 
 	SIVAL(out_output->data, 0x00, conn->smb2.server.capabilities);
 	memcpy(out_output->data+0x04, out_guid_blob.data, 16);
-	SIVAL(out_output->data, 0x14, conn->smb2.server.security_mode);
-	SIVAL(out_output->data, 0x16, conn->smb2.server.dialect);
+	SSVAL(out_output->data, 0x14, conn->smb2.server.security_mode);
+	SSVAL(out_output->data, 0x16, conn->smb2.server.dialect);
 
 	return NT_STATUS_OK;
 }
-- 
1.8.1.2



More information about the samba-technical mailing list