[PATCH] smbd: Fix memory overwrites
Michael Adam
obnox at samba.org
Fri Feb 7 09:16:06 MST 2014
Great catch!
Pushed to autobuild.
Michael
On 2014-02-07 at 17:09 +0100, Volker Lendecke wrote:
> Hi!
>
> Attached find a patch that fixes a memory overwrite from the
> investigations in bug 10415.
>
> Review & push would be appreciated.
>
> Thanks,
>
> Volker
>
> --
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-370000-0, fax: +49-551-370000-9
> AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
> http://www.sernet.de, mailto:kontakt at sernet.de
> From 5af5775100db93eecb5e7fabde89c7bf04fdeb01 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Fri, 7 Feb 2014 16:37:38 +0100
> Subject: [PATCH] smbd: Fix memory overwrites
>
> SIVAL writes 32 bit, not 16
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
> source3/smbd/smb2_ioctl_network_fs.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/source3/smbd/smb2_ioctl_network_fs.c b/source3/smbd/smb2_ioctl_network_fs.c
> index 986e97d..11843a4 100644
> --- a/source3/smbd/smb2_ioctl_network_fs.c
> +++ b/source3/smbd/smb2_ioctl_network_fs.c
> @@ -423,8 +423,8 @@ static NTSTATUS fsctl_validate_neg_info(TALLOC_CTX *mem_ctx,
>
> SIVAL(out_output->data, 0x00, conn->smb2.server.capabilities);
> memcpy(out_output->data+0x04, out_guid_blob.data, 16);
> - SIVAL(out_output->data, 0x14, conn->smb2.server.security_mode);
> - SIVAL(out_output->data, 0x16, conn->smb2.server.dialect);
> + SSVAL(out_output->data, 0x14, conn->smb2.server.security_mode);
> + SSVAL(out_output->data, 0x16, conn->smb2.server.dialect);
>
> return NT_STATUS_OK;
> }
> --
> 1.8.1.2
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 215 bytes
Desc: Digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20140207/18f95ab2/attachment.pgp>
More information about the samba-technical
mailing list