Clobber our SMB buffers between packets. I hope this will help find bugs

where we assume the buffer is zero, when it might not be (ie due to, previous
packets).

Andrew Bartlett
(This used to be commit 191b0ab4d7c35c83d2bb2052b2e37d01fbf37b45)

1 files changed, 10 insertions, 2 deletions

diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 57bc236eef..c3fbc22e94 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1249,12 +1249,16 @@ void smbd_process(void)
 	extern int smb_echo_count;
 	time_t last_timeout_processing_time = time(NULL);
 	unsigned int num_smbs = 0;
+	const size_t total_buffer_size = BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN;
 
-	InBuffer = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN);
-	OutBuffer = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN);
+	InBuffer = (char *)malloc(total_buffer_size);
+	OutBuffer = (char *)malloc(total_buffer_size);
 	if ((InBuffer == NULL) || (OutBuffer == NULL)) 
 		return;
 
+	clobber_region(__FUNCTION__, __LINE__, InBuffer, total_buffer_size);
+	clobber_region(__FUNCTION__, __LINE__, OutBuffer, total_buffer_size);
+
 	max_recv = MIN(lp_maxxmit(),BUFFER_SIZE);
 
 	while (True) {
@@ -1278,6 +1282,8 @@ void smbd_process(void)
 			num_smbs = 0; /* Reset smb counter. */
 		}
 
+		clobber_region(__FUNCTION__, __LINE__, InBuffer, total_buffer_size);
+
 		while (!receive_message_or_smb(InBuffer,BUFFER_SIZE+LARGE_WRITEX_HDR_SIZE,select_timeout)) {
 			if(!timeout_processing( deadtime, &select_timeout, &last_timeout_processing_time))
 				return;
@@ -1295,6 +1301,8 @@ void smbd_process(void)
 		 */ 
 		num_echos = smb_echo_count;
 
+		clobber_region(__FUNCTION__, __LINE__, OutBuffer, total_buffer_size);
+
 		process_smb(InBuffer, OutBuffer);
 
 		if (smb_echo_count != num_echos) {