summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Schneider <asn@samba.org>2013-02-19 09:23:53 +0100
committerAlexander Bokovoy <ab@samba.org>2013-02-22 16:36:13 +0100
commitb510e5e6c4332356067331c7afff47f7dbf587fc (patch)
treed907e2c3bc6b69ada4adf2d1cc8c78a67f6d58ad
parent5207d456f1132041a07c9b3c48bfa7a9112a698f (diff)
downloadsamba-b510e5e6c4332356067331c7afff47f7dbf587fc.tar.gz
samba-b510e5e6c4332356067331c7afff47f7dbf587fc.tar.bz2
samba-b510e5e6c4332356067331c7afff47f7dbf587fc.zip
pdb: Fix array overrun by one.
Reviewed-by: Alexander Bokovoy <ab@samba.org>
-rw-r--r--source3/passdb/pdb_smbpasswd.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index 0703ea4607..83785c68a1 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -737,7 +737,8 @@ static bool mod_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, con
fstring user_name;
char *status;
- char linebuf[256];
+#define LINEBUF_SIZE 255
+ char linebuf[LINEBUF_SIZE + 1];
char readbuf[1024];
int c;
fstring ascii_p16;
@@ -792,7 +793,7 @@ static bool mod_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, con
linebuf[0] = '\0';
- status = fgets(linebuf, sizeof(linebuf), fp);
+ status = fgets(linebuf, LINEBUF_SIZE, fp);
if (status == NULL && ferror(fp)) {
pw_file_unlock(lockfd, &smbpasswd_state->pw_file_lock_depth);
fclose(fp);
@@ -1021,7 +1022,7 @@ This is no longer supported.!\n", pwd->smb_name));
dump_data(100, (uint8 *)ascii_p16, wr_len);
#endif
- if(wr_len > sizeof(linebuf)) {
+ if(wr_len > LINEBUF_SIZE) {
DEBUG(0, ("mod_smbfilepwd_entry: line to write (%d) is too long.\n", wr_len+1));
pw_file_unlock(lockfd,&smbpasswd_state->pw_file_lock_depth);
fclose(fp);