[PATCH 08/12] torture: Provide enough space for test EA name in raw.eas test
Kamen Mazdrashki
kamenim at samba.org
Mon Sep 8 17:57:19 MDT 2014
On Tue, Sep 9, 2014 at 1:40 AM, Andrew Bartlett <abartlet at samba.org> wrote:
> On Mon, 2014-09-08 at 05:28 +0200, Kamen Mazdrashki wrote:
> >
> >
> > I think you should also change following line from:
> > bad_ea_name[5] = (char)i;
> > to
> > bad_ea_name[6] = (char)i;
> > to preserve original idea for this test
>
> No, because if we did that we would again write over the NULL
> terminator. The issue is that previously bad_ea_name[5] was the last
> element on the array, and so when we later did a strlen() on it, we read
> past the end of the stack array. We need bad_ea_name[5] to be the
> second-last element, followed by the \0 placed there by the strlcpy().
>
> Oups, you are right. sorry for the noise.
> An patch with an improved commit message is attached.
>
> Please review/push.
>
> Reviewed-by: Kamen Mazdrashki <kamenim at samba.org>
> Andrew Bartlett
>
> > Reviewed-by: Kamen Mazdrashki <kamenim at samba.org>
> >
> >
> >
> > Cheers,
> > kamen
> >
> > On Mon, Sep 8, 2014 at 1:30 AM, <abartlet at samba.org> wrote:
> > From: Andrew Bartlett <abartlet at samba.org>
> >
> > Found by AddressSanitizer
> >
> > Change-Id: I871c08200aa2591c612dfa44da92b83132f83d88
> > Signed-off-by: Andrew Bartlett <abartlet at samba.org>
> > ---
> > source4/torture/raw/eas.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/source4/torture/raw/eas.c
> > b/source4/torture/raw/eas.c
> > index 95a55d1..15bfb2f 100644
> > --- a/source4/torture/raw/eas.c
> > +++ b/source4/torture/raw/eas.c
> > @@ -51,7 +51,7 @@ static bool test_eas(struct smbcli_state
> > *cli, struct torture_context *tctx)
> > union smb_open io;
> > const char *fname = BASEDIR "\\ea.txt";
> > bool ret = true;
> > - char bad_ea_name[6];
> > + char bad_ea_name[7];
> > int i;
> > int fnum = -1;
> >
> > --
> > 2.1.0
> >
> >
> >
>
> --
> Andrew Bartlett
> http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Catalyst IT
> http://catalyst.net.nz/services/samba
>
>
>
>
More information about the samba-technical
mailing list