Need to backport my buffer overflow fix from master to 3.5.0 and 3.4.6. It's a simple fix with very low risk. The original master patch applies cleanly to both branches.

commit 09eaeaec3ca200be9b7f8597aed7371d2b21c5c3
Author: Steven Danneman <steven.danneman@isilon.com>
Date: Sat Jan 30 13:29:23 2010 -0800

    s3/smbd: Fix string buffer overflow causing heap corruption

    The destname malloc size was not taking into account the 1 extra byte
    needed if a string without a leading '/' was passed in and that slash
    was added.

    This would cause the '\0' byte to be written past the end of the
    malloced destname string and corrupt whatever heap memory was there.

    This problem would be hit if a share name was given in smb.conf without
    a leading '/' and if it was the exact size of the allocated STRDUP memory
    which in some implementations of malloc is a power of 2.
+1 from me - this is completely correct. Re-assigning to Karolin for inclusion in 3.5.0 and 3.4.6. Jeremy.
Pushed to both branches. Closing out bug report. Thanks!
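The sizing error described in the commit message above, shown as an added C example that is not Samba's code. The function names and the sample share path are constructed for illustration, and reserving strlen + 2 bytes is an assumed way of correcting the size, not necessarily the committed change.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes the normalised copy occupies: optional added '/', the text, the NUL. */
size_t bytes_needed(const char *src)
{
    return (src[0] != '/' ? 1 : 0) + strlen(src) + 1;
}

/* Sizing as described for the bug: no room for the slash that may be added. */
size_t alloc_size_before_fix(const char *src)
{
    return strlen(src) + 1;
}

/* Assumed corrected sizing: always reserve one byte for a possible '/'. */
size_t alloc_size_after_fix(const char *src)
{
    return strlen(src) + 2;
}

/* Hypothetical helper: return a malloc'd copy of src that starts with '/'. */
char *add_leading_slash(const char *src)
{
    size_t cap = alloc_size_after_fix(src);
    char *dest = malloc(cap);
    char *d = dest;

    if (dest == NULL)
        return NULL;
    if (src[0] != '/')
        *d++ = '/';
    /* Copy the text and its NUL; the +2 sizing guarantees this fits in cap. */
    memcpy(d, src, strlen(src) + 1);
    return dest;
}

int main(void)
{
    const char *share = "export/data/pub"; /* constructed: 15 chars, no '/' */
    char *out = add_leading_slash(share);

    printf("needed=%zu before_fix=%zu after_fix=%zu\n", bytes_needed(share),
           alloc_size_before_fix(share), alloc_size_after_fix(share));
    printf("result=%s\n", out ? out : "(alloc failed)");
    free(out);
    return 0;
}
```

With the 15-character sample path the pre-fix size is exactly 16 bytes while 17 are needed, which is the power-of-2 case the commit message calls out: the terminating '\0' would land one byte past the allocation.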