Second part of fix for bug 7063 - Samba 3.4.5 on ubuntu 8.04 64 bit - Core dumps.

Ensure we have no naked memcpy calls. This isn't a crash bug (it's already checked in the data_blob_talloc_zero() above, but I want to get into the pattern of having all memcpy's covered by safety checks. Jeremy.
author: Jeremy Allison <jra@samba.org> 2010-02-09 14:48:15 -0800
committer: Jeremy Allison <jra@samba.org> 2010-02-09 14:48:15 -0800
commit: 539bbf8653e0117dea139015b4b71be768e3f3d7 (patch)
tree: 053b0ec41a1f1e4eb65f7c0b3ae100c143ebf999
parent: 9ad6f432f3f5844b4b419e7cbaf3c3e70b052d29 (diff)
download: samba-539bbf8653e0117dea139015b4b71be768e3f3d7.tar.gz
samba-539bbf8653e0117dea139015b4b71be768e3f3d7.tar.bz2
samba-539bbf8653e0117dea139015b4b71be768e3f3d7.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index e2e523d0de..33d47df33a 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -9455,7 +9455,10 @@ WERROR _spoolss_XcvData(pipes_struct *p,
 
 	*r->out.status_code = 0;
 
-	memcpy(r->out.out_data, out_data.data, out_data.length);
+	if (r->out.out_data && r->in.out_data_size && out_data.length) {
+		memcpy(r->out.out_data, out_data.data,
+			MIN(r->in.out_data_size, out_data.length));
+	}
 
 	return WERR_OK;
 }
author	Jeremy Allison <jra@samba.org>	2010-02-09 14:48:15 -0800
committer	Jeremy Allison <jra@samba.org>	2010-02-09 14:48:15 -0800
commit	539bbf8653e0117dea139015b4b71be768e3f3d7 (patch)
tree	053b0ec41a1f1e4eb65f7c0b3ae100c143ebf999
parent	9ad6f432f3f5844b4b419e7cbaf3c3e70b052d29 (diff)
download	samba-539bbf8653e0117dea139015b4b71be768e3f3d7.tar.gz samba-539bbf8653e0117dea139015b4b71be768e3f3d7.tar.bz2 samba-539bbf8653e0117dea139015b4b71be768e3f3d7.zip