[PATCH 08/12] torture: Provide enough space for test EA name in raw.eas test

Kamen Mazdrashki kamenim at samba.org
Mon Sep 8 17:57:19 MDT 2014


On Tue, Sep 9, 2014 at 1:40 AM, Andrew Bartlett <abartlet at samba.org> wrote:

> On Mon, 2014-09-08 at 05:28 +0200, Kamen Mazdrashki wrote:
> >
> >
> > I think you should also change following line from:
> >   bad_ea_name[5] = (char)i;
> > to
> >   bad_ea_name[6] = (char)i;
> > to preserve original idea for this test
>
> No, because if we did that we would again write over the NULL
> terminator.  The issue is that previously bad_ea_name[5] was the last
> element on the array, and so when we later did a strlen() on it, we read
> past the end of the stack array.  We need bad_ea_name[5] to be the
> second-last element, followed by the \0 placed there by the strlcpy().
>
> Oups, you are right. sorry for the noise.


> An patch with an improved commit message is attached.
>
> Please review/push.
>
> Reviewed-by: Kamen Mazdrashki <kamenim at samba.org>


> Andrew Bartlett
>
> > Reviewed-by: Kamen Mazdrashki <kamenim at samba.org>
> >
> >
> >
> > Cheers,
> > kamen
> >
> > On Mon, Sep 8, 2014 at 1:30 AM, <abartlet at samba.org> wrote:
> >         From: Andrew Bartlett <abartlet at samba.org>
> >
> >         Found by AddressSanitizer
> >
> >         Change-Id: I871c08200aa2591c612dfa44da92b83132f83d88
> >         Signed-off-by: Andrew Bartlett <abartlet at samba.org>
> >         ---
> >          source4/torture/raw/eas.c | 2 +-
> >          1 file changed, 1 insertion(+), 1 deletion(-)
> >
> >         diff --git a/source4/torture/raw/eas.c
> >         b/source4/torture/raw/eas.c
> >         index 95a55d1..15bfb2f 100644
> >         --- a/source4/torture/raw/eas.c
> >         +++ b/source4/torture/raw/eas.c
> >         @@ -51,7 +51,7 @@ static bool test_eas(struct smbcli_state
> >         *cli, struct torture_context *tctx)
> >                 union smb_open io;
> >                 const char *fname = BASEDIR "\\ea.txt";
> >                 bool ret = true;
> >         -       char bad_ea_name[6];
> >         +       char bad_ea_name[7];
> >                 int i;
> >                 int fnum = -1;
> >
> >         --
> >         2.1.0
> >
> >
> >
>
> --
> Andrew Bartlett
> http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT
> http://catalyst.net.nz/services/samba
>
>
>
>


More information about the samba-technical mailing list