[Samba] Re: string overflow in safe_strcpy
Jeremy Allison
jra at samba.org
Tue Jun 29 20:30:43 GMT 2004
On Tue, Jun 29, 2004 at 09:13:05AM +0100, Carl Matthews wrote:
> Also i've just noticed the errors never occur for directorys but only
> for files longer than the 8.3. Which again suggests an error in the hash
> mangling method.
Here's the fix. Incorrect use of safe_strcpy (memcpy should be used instead).
Jeremy.
-------------- next part --------------
Index: smbd/mangle_hash.c
===================================================================
--- smbd/mangle_hash.c (revision 1298)
+++ smbd/mangle_hash.c (working copy)
@@ -546,8 +546,10 @@
/* Fill the new cache entry, and add it to the cache. */
s1 = (char *)(new_entry + 1);
s2 = (char *)&(s1[mangled_len + 1]);
- safe_strcpy( s1, mangled_name, mangled_len );
- safe_strcpy( s2, raw_name, raw_len );
+ memcpy( s1, mangled_name, mangled_len );
+ s1[mangled_len] = '\0';
+ memcpy( s2, raw_name, raw_len );
+ s2[raw_len] = '\0';
ubi_cachePut( mangled_cache, i, new_entry, s1 );
}
More information about the samba
mailing list