From f3ef1ad9af24763801e9a780027380f726633ff9 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 2 Feb 2010 16:43:41 -0800 Subject: [PATCH] Fix bug 7081 - vfs_expand_msdfs doesn't work correctly (with fix identified) Fix inspired by idea from Eric Horst . Jeremy. (cherry picked from commit de24209f0a745ada4220a1751c4ed88ae6eea575) --- source3/modules/vfs_expand_msdfs.c | 19 ++++++++++++++++--- 1 files changed, 16 insertions(+), 3 deletions(-) diff --git a/source3/modules/vfs_expand_msdfs.c b/source3/modules/vfs_expand_msdfs.c index 0d09d21..f58af20 100644 --- a/source3/modules/vfs_expand_msdfs.c +++ b/source3/modules/vfs_expand_msdfs.c @@ -173,11 +173,17 @@ static int expand_msdfs_readlink(struct vfs_handle_struct *handle, TALLOC_CTX *ctx = talloc_tos(); int result; char *target = TALLOC_ARRAY(ctx, char, PATH_MAX+1); + size_t len; if (!target) { errno = ENOMEM; return -1; } + if (bufsiz == 0) { + errno = EINVAL; + return -1; + } + result = SMB_VFS_NEXT_READLINK(handle, path, target, PATH_MAX); @@ -186,7 +192,7 @@ static int expand_msdfs_readlink(struct vfs_handle_struct *handle, target[result] = '\0'; - if ((strncmp(target, "msdfs:", strlen("msdfs:")) == 0) && + if ((strncmp(target, "msdfs:", 6) == 0) && (strchr_m(target, '@') != NULL)) { target = expand_msdfs_target(ctx, handle->conn, target); if (!target) { @@ -195,8 +201,15 @@ static int expand_msdfs_readlink(struct vfs_handle_struct *handle, } } - safe_strcpy(buf, target, bufsiz-1); - return strlen(buf); + len = MIN(bufsiz, strlen(target)); + if (len) { + memcpy(buf, target, len); + } else { + errno = ENOENT; + return -1; + } + TALLOC_FREE(target); + return len; } /* VFS operations structure */ -- 1.6.6
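Review bot: The new `bufsiz == 0` guard in the first hunk returns after `target` has already been allocated and does not release it, while the last hunk of this patch adds `TALLOC_FREE(target)` on the success path only; the `len == 0` branch in that last hunk has the same shape. Because `target` comes from `talloc_tos()` it is presumably reclaimed with the talloc stack frame, so this reads as an inconsistency rather than a leak. Freeing on every exit would keep the function uniform: `TALLOC_FREE(target); errno = EINVAL; return -1;`. The body of expand_msdfs_readlink starts before this hunk and continues past it.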
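Review bot: The literal `6` in the `strncmp` call of the second hunk is a magic number that has to be kept in step with the `"msdfs:"` prefix by hand. `sizeof("msdfs:") - 1` is the same compile-time constant and cannot drift from the string: `if ((strncmp(target, "msdfs:", sizeof("msdfs:") - 1) == 0) &&`.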
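Review bot: In the third hunk the `memcpy` of `MIN(bufsiz, strlen(target))` bytes leaves `buf` without a terminating NUL and truncates silently when the expanded target is longer than `bufsiz`, whereas the removed `safe_strcpy(buf, target, bufsiz-1)` produced a terminated string. That matches readlink(2), but any caller that still treats `buf` as a C string would now read past the copied bytes, so the contract deserves a comment above the copy, for example `/* readlink semantics: buf is NOT NUL-terminated; callers must use the returned length */`. Separately, `return len;` narrows a `size_t` to the function's `int` return type; `return (int)len;` would make the conversion visible. The callers are outside this patch and should be checked against the new behaviour.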