[PATCH 08/12] torture: Provide enough space for test EA name in raw.eas test
Andrew Bartlett
abartlet at samba.org
Mon Sep 8 17:40:23 MDT 2014
On Mon, 2014-09-08 at 05:28 +0200, Kamen Mazdrashki wrote:
>
>
> I think you should also change following line from:
> bad_ea_name[5] = (char)i;
> to
> bad_ea_name[6] = (char)i;
> to preserve original idea for this test
No, because if we did that we would again write over the NULL
terminator. The issue is that previously bad_ea_name[5] was the last
element on the array, and so when we later did a strlen() on it, we read
past the end of the stack array. We need bad_ea_name[5] to be the
second-last element, followed by the \0 placed there by the strlcpy().
An patch with an improved commit message is attached.
Please review/push.
Andrew Bartlett
> Reviewed-by: Kamen Mazdrashki <kamenim at samba.org>
>
>
>
> Cheers,
> kamen
>
> On Mon, Sep 8, 2014 at 1:30 AM, <abartlet at samba.org> wrote:
> From: Andrew Bartlett <abartlet at samba.org>
>
> Found by AddressSanitizer
>
> Change-Id: I871c08200aa2591c612dfa44da92b83132f83d88
> Signed-off-by: Andrew Bartlett <abartlet at samba.org>
> ---
> source4/torture/raw/eas.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/source4/torture/raw/eas.c
> b/source4/torture/raw/eas.c
> index 95a55d1..15bfb2f 100644
> --- a/source4/torture/raw/eas.c
> +++ b/source4/torture/raw/eas.c
> @@ -51,7 +51,7 @@ static bool test_eas(struct smbcli_state
> *cli, struct torture_context *tctx)
> union smb_open io;
> const char *fname = BASEDIR "\\ea.txt";
> bool ret = true;
> - char bad_ea_name[6];
> + char bad_ea_name[7];
> int i;
> int fnum = -1;
>
> --
> 2.1.0
>
>
>
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-torture-Provide-enough-space-for-test-EA-name-in-raw.patch
Type: text/x-patch
Size: 1143 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20140909/25dd262a/attachment.bin>
More information about the samba-technical
mailing list