From 5768f99a63c77b2822a3cc01fb13c68a459dd41e Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 19 Feb 2013 09:23:53 +0100
Subject: [PATCH] pdb: Fix array overrun by one. Reviewed-by: Alexander Bokovoy
 <ab@samba.org>


Signed-off-by: Andreas Schneider <asn@samba.org>
---
 source3/passdb/pdb_smbpasswd.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index 43d6eaf..3d1c28c 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -736,7 +736,8 @@ static bool mod_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, con
 	fstring user_name;
 
 	char *status;
-	char linebuf[256];
+#define LINEBUF_SIZE 255
+	char linebuf[LINEBUF_SIZE + 1];
 	char readbuf[1024];
 	int c;
 	fstring ascii_p16;
@@ -791,7 +792,7 @@ static bool mod_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, con
 
 		linebuf[0] = '\0';
 
-		status = fgets(linebuf, sizeof(linebuf), fp);
+		status = fgets(linebuf, LINEBUF_SIZE, fp);
 		if (status == NULL && ferror(fp)) {
 			pw_file_unlock(lockfd, &smbpasswd_state->pw_file_lock_depth);
 			fclose(fp);
@@ -1020,7 +1021,7 @@ This is no longer supported.!\n", pwd->smb_name));
 	dump_data(100, (uint8 *)ascii_p16, wr_len);
 #endif
 
-	if(wr_len > sizeof(linebuf)) {
+	if(wr_len > LINEBUF_SIZE) {
 		DEBUG(0, ("mod_smbfilepwd_entry: line to write (%d) is too long.\n", wr_len+1));
 		pw_file_unlock(lockfd,&smbpasswd_state->pw_file_lock_depth);
 		fclose(fp);
-- 
1.8.1.4