Bug 10800 - Array index out of bounds in smbtorture
Summary: Array index out of bounds in smbtorture
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: smbtorture (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
Depends on:
Reported: 2014-09-06 16:31 UTC by herwin
Modified: 2016-07-29 00:01 UTC (History)
1 user (show)

See Also:

patch (439 bytes, patch)
2014-09-06 16:32 UTC, herwin
no flags Details
Alternative patch (1.17 KB, patch)
2014-09-07 19:11 UTC, Volker Lendecke
metze: review+

Note You need to log in before you can comment on or make changes to this bug.
Description herwin 2014-09-06 16:31:31 UTC
In torture/smb2/dir.c method test_modify_search an array of 702 elements is defined, which means the entries are accessible on indexes 0 to 701. Later in this method, the index 702 is used.

The patch is pretty simple: enlarge the buffer with 1.
Comment 1 herwin 2014-09-06 16:32:09 UTC
Created attachment 10261 [details]
Comment 2 Volker Lendecke 2014-09-07 19:11:52 UTC
Created attachment 10263 [details]
Alternative patch

Thanks, entirely correct. I'd prefer this version though to couple the array sizes. Ok?
Comment 3 herwin 2014-09-07 19:40:31 UTC
@volker: I'm sure if you were targetting me, but in any case: I'm completely fine with using your version (I think that one is cleaner)
Comment 4 Stefan Metzmacher 2014-09-08 07:54:05 UTC
Comment on attachment 10263 [details]
Alternative patch

Looks good, please push to master with reviewed-by: me
Comment 5 Andrew Bartlett 2016-07-29 00:01:56 UTC
Fixed in master with abe499be569c9087f007331d3ac2e48cea0e2cae