The Samba-Bugzilla – Attachment 8765 Details for
Bug 9782
Panic when running 'smbtorture smb.base'
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
[PATCH 3/3] s3:smbd: do not access data behind req->buf+req->buflen in srvstr_pull_req_talloc()
0003-s3-smbd-do-not-access-data-behind-req-buf-req-buflen.patch (text/plain), 1.01 KB, created by
Ralph Wuerthner
on 2013-04-12 08:01:09 UTC
(
hide
)
Description:
[PATCH 3/3] s3:smbd: do not access data behind req->buf+req->buflen in srvstr_pull_req_talloc()
Filename:
MIME Type:
Creator:
Ralph Wuerthner
Created:
2013-04-12 08:01:09 UTC
Size:
1.01 KB
patch
obsolete
>From 0643b0429645dc20c895a7aa9e7328e98cbd6894 Mon Sep 17 00:00:00 2001 >From: Ralph Wuerthner <ralph.wuerthner@de.ibm.com> >Date: Thu, 4 Apr 2013 13:29:01 +0200 >Subject: [PATCH 3/3] s3:smbd: do not access data behind req->buf+req->buflen > in srvstr_pull_req_talloc() > >--- > source3/smbd/reply.c | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > >diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c >index 31d6aef..303f5ee 100644 >--- a/source3/smbd/reply.c >+++ b/source3/smbd/reply.c >@@ -346,8 +346,14 @@ size_t srvstr_get_path_req(TALLOC_CTX *mem_ctx, struct smb_request *req, > size_t srvstr_pull_req_talloc(TALLOC_CTX *ctx, struct smb_request *req, > char **dest, const char *src, int flags) > { >+ ssize_t bufrem = smbreq_bufrem(req, src); >+ >+ if (bufrem < 0) { >+ return 0; >+ } >+ > return pull_string_talloc(ctx, req->inbuf, req->flags2, dest, src, >- smbreq_bufrem(req, src), flags); >+ bufrem, flags); > } > > /**************************************************************************** >-- >1.7.9.5 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 9782
:
8763
|
8764
|
8765
|
8766