samba-4.1.11\lib\util\string_wrappers.h line 49:

    #define nstrcpy(d,s) \
    do { \
        const char *_nstrcpy_src = (const char *)(s); \
        strlcpy((d),_nstrcpy_src ? _nstrcpy_src : "",sizeof(fstring)); \
    } while (0)

nstrcpy is intended for use on typedef nstring which has len 16:

    #define MAX_NETBIOSNAME_LEN 16
    typedef char nstring[MAX_NETBIOSNAME_LEN];

fstring is 256 bytes. Using nstrcpy() will allow 256 bytes to be copied into a buffer of only 16 bytes, leading to a stack overflow.
Created attachment 10172: Patch from master. This patch from master should fix it.
Comment on attachment 10172: Patch from master. LGTM!
Re-assigning to Karolin for inclusion in 4.1.next, 4.0.next.
Pushed to autobuild-v4-[0|1]-test.
Pushed to both branches. Closing out bug report. Thanks!
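
An added illustration of the size mismatch described in the report (not Samba code, and not the patch in attachment 10172, which this page does not show). It runs the macro as quoted and a variant bounded by sizeof(nstring) against a 16-byte slot inside a 256-byte arena, so the spill can be counted without leaving the arena. The names demo_strlcpy, nstrcpy_reported, nstrcpy_bounded and bytes_past_slot are hypothetical, and sizeof(nstring) as the intended bound is an assumption.

```c
#include <stdio.h>
#include <string.h>

#define MAX_NETBIOSNAME_LEN 16
typedef char nstring[MAX_NETBIOSNAME_LEN];
typedef char fstring[256]; /* size as stated in the report */

/* Stand-in for strlcpy(), which not every libc ships (hypothetical helper). */
static size_t demo_strlcpy(char *d, const char *s, size_t n)
{
	size_t len = strlen(s), c = (n && len >= n) ? n - 1 : len;
	if (n) { memcpy(d, s, c); d[c] = '\0'; }
	return len;
}

/* The macro as quoted in the report: the bound is sizeof(fstring). */
#define nstrcpy_reported(d,s) \
do { \
	const char *_nstrcpy_src = (const char *)(s); \
	demo_strlcpy((d),_nstrcpy_src ? _nstrcpy_src : "",sizeof(fstring)); \
} while (0)

/* Assumed correction: the bound matches the destination type, nstring. */
#define nstrcpy_bounded(d,s) \
do { \
	const char *_nstrcpy_src = (const char *)(s); \
	demo_strlcpy((d),_nstrcpy_src ? _nstrcpy_src : "",sizeof(nstring)); \
} while (0)

/* Treat the first 16 bytes of a 256-byte arena as the nstring slot and
 * count how many bytes beyond the slot the copy modified. */
static size_t bytes_past_slot(const char *src, int bounded)
{
	unsigned char arena[sizeof(fstring)];
	size_t i, n = 0;
	memset(arena, 0xAA, sizeof(arena)); /* canary fill */
	if (bounded) nstrcpy_bounded((char *)arena, src);
	else nstrcpy_reported((char *)arena, src);
	for (i = sizeof(nstring); i < sizeof(arena); i++)
		if (arena[i] != 0xAA) n++;
	return n;
}

int main(void)
{
	const char *name = "WORKSTATION-NAME-LONGER-THAN-FIFTEEN-CHARS"; /* constructed input */
	printf("reported: %zu bytes past slot, bounded: %zu\n",
	       bytes_past_slot(name, 0), bytes_past_slot(name, 1));
	return 0;
}
```

In real callers the 16-byte destination is a stack or struct member rather than the head of an arena, so the bytes counted here would land in adjacent memory.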