[PATCH] Fix length calculation in vfs_fruit

Volker Lendecke Volker.Lendecke at SerNet.DE
Tue Jul 7 07:08:20 UTC 2015


Hi, Ralph!

C is almost impossible to get right :-)

Review&push appreciated!

Thanks,

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From 086bd04b8a5d0549cc2d927f2ca3fae1f641214c Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 7 Jul 2015 09:04:22 +0200
Subject: [PATCH] vfs_fruit: Fix CID 1311244 Out-of-bounds read

We should not call memcpy if the offset is exactly AFP_INFO_SIZE

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source3/modules/vfs_fruit.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index d05d786..e29440b 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -2624,7 +2624,7 @@ static ssize_t fruit_pread(vfs_handle_struct *handle,
 		char afpinfo_buf[AFP_INFO_SIZE];
 		size_t to_return;
 
-		if ((offset < 0) || (offset > AFP_INFO_SIZE)) {
+		if ((offset < 0) || (offset >= AFP_INFO_SIZE)) {
 			len = 0;
 			rc = 0;
 			goto exit;
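
Review bot: The bounds test on `offset` now rejects `offset == AFP_INFO_SIZE`, but nothing in the visible lines shows how `to_return` is derived, so the hunk alone does not confirm that the copy length is capped at `AFP_INFO_SIZE - offset` for offsets inside `afpinfo_buf`. Please confirm that cap exists where `to_return` is assigned, or mention it in the commit message, since the mail subject speaks of a length calculation while the change itself only touches the offset comparison. Separately, the early exit reports `len = 0; rc = 0` for a negative offset exactly as it does for a read at the end of the data; if a negative offset can reach this point, returning an error there would make the two cases distinguishable to the caller.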
-- 
1.9.1


