diff options
author | Andrew Tridgell <tridge@samba.org> | 2005-08-16 23:19:17 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:33:25 -0500 |
commit | 290b0b5b19ef0123a9cc0e178b08937c0a2053cb (patch) | |
tree | f45af76ec98fa3f5a68a578f2df08e20d24a8088 | |
parent | 30296570537e8c0406b93d09c1088e308f210545 (diff) | |
download | samba-290b0b5b19ef0123a9cc0e178b08937c0a2053cb.tar.gz samba-290b0b5b19ef0123a9cc0e178b08937c0a2053cb.tar.bz2 samba-290b0b5b19ef0123a9cc0e178b08937c0a2053cb.zip |
r9335: only copy the in side of an array to the out side of an array when the
array is a [ref] pointer. For non-ref arrays it is quite valid for a
server to return a larger response array then the client gave (as can
happen with winreg) in which case this memcpy() will fault.
(This used to be commit 6cf20e7adb9891119fdc9a0b208c3f94fe823334)
-rw-r--r-- | source4/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/source4/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm b/source4/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm index cde96ca0b2..4cc0dd9184 100644 --- a/source4/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm +++ b/source4/build/pidl/Parse/Pidl/Samba/NDR/Parser.pm @@ -1812,7 +1812,8 @@ sub AllocateArrayLevel($$$$$) } if (grep(/in/,@{$e->{DIRECTION}}) and - grep(/out/,@{$e->{DIRECTION}})) { + grep(/out/,@{$e->{DIRECTION}}) and + $pl->{POINTER_TYPE} eq "ref") { pidl "memcpy(r->out.$e->{NAME},r->in.$e->{NAME},$size * sizeof(*r->in.$e->{NAME}));"; } } |