[PATCH] smbd: Fix memory overwrites
Volker Lendecke
Volker.Lendecke at SerNet.DE
Fri Feb 7 09:09:52 MST 2014
Hi!
Attached find a patch that fixes a memory overwrite from the
investigations in bug 10415.
Review & push would be appreciated.
Thanks,
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From 5af5775100db93eecb5e7fabde89c7bf04fdeb01 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 7 Feb 2014 16:37:38 +0100
Subject: [PATCH] smbd: Fix memory overwrites
SIVAL writes 32 bit, not 16
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/smbd/smb2_ioctl_network_fs.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/source3/smbd/smb2_ioctl_network_fs.c b/source3/smbd/smb2_ioctl_network_fs.c
index 986e97d..11843a4 100644
--- a/source3/smbd/smb2_ioctl_network_fs.c
+++ b/source3/smbd/smb2_ioctl_network_fs.c
@@ -423,8 +423,8 @@ static NTSTATUS fsctl_validate_neg_info(TALLOC_CTX *mem_ctx,
SIVAL(out_output->data, 0x00, conn->smb2.server.capabilities);
memcpy(out_output->data+0x04, out_guid_blob.data, 16);
- SIVAL(out_output->data, 0x14, conn->smb2.server.security_mode);
- SIVAL(out_output->data, 0x16, conn->smb2.server.dialect);
+ SSVAL(out_output->data, 0x14, conn->smb2.server.security_mode);
+ SSVAL(out_output->data, 0x16, conn->smb2.server.dialect);
return NT_STATUS_OK;
}
--
1.8.1.2
More information about the samba-technical
mailing list