[PATCH] torture: Fix a buffer overrun
Volker Lendecke
Volker.Lendecke at SerNet.DE
Fri Feb 28 08:59:37 MST 2014
Hi!
Review would be appreciated.
Thanks,
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From 6e2bde724f9349c32dcc0cd45a53424f95658697 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 28 Feb 2014 15:50:21 +0000
Subject: [PATCH] torture: Fix a buffer overrun
In test_EnumPrinterDrivers we go up to driver level 8. In C, this means
we are accessing the 9th entry in the following lines:
ctx->driver_count[level] = count;
ctx->drivers[level] = info;
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source4/torture/rpc/spoolss.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/source4/torture/rpc/spoolss.c b/source4/torture/rpc/spoolss.c
index 135eb3c..b61efa4 100644
--- a/source4/torture/rpc/spoolss.c
+++ b/source4/torture/rpc/spoolss.c
@@ -77,8 +77,8 @@ struct test_spoolss_context {
union spoolss_PortInfo *ports[3];
/* for EnumPrinterDrivers */
- uint32_t driver_count[8];
- union spoolss_DriverInfo *drivers[8];
+ uint32_t driver_count[9];
+ union spoolss_DriverInfo *drivers[9];
/* for EnumMonitors */
uint32_t monitor_count[3];
--
1.8.1.2
More information about the samba-technical
mailing list