diff options
author | Jeremy Allison <jra@samba.org> | 2010-02-02 16:43:41 -0800 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2010-02-02 16:43:41 -0800 |
commit | de24209f0a745ada4220a1751c4ed88ae6eea575 (patch) | |
tree | bb47834ec59fe29d66fc67980c1ad784fb8bf302 | |
parent | 110a6f29f0d130753419d5fc5c7b238ab30822ec (diff) | |
download | samba-de24209f0a745ada4220a1751c4ed88ae6eea575.tar.gz samba-de24209f0a745ada4220a1751c4ed88ae6eea575.tar.bz2 samba-de24209f0a745ada4220a1751c4ed88ae6eea575.zip |
Fix bug 7081 - vfs_expand_msdfs doesn't work correctly (with fix identified)
Fix inspired by idea from Eric Horst <erich@cac.washington.edu>.
Jeremy.
-rw-r--r-- | source3/modules/vfs_expand_msdfs.c | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/source3/modules/vfs_expand_msdfs.c b/source3/modules/vfs_expand_msdfs.c index 9edd0f6caf..177ebdb928 100644 --- a/source3/modules/vfs_expand_msdfs.c +++ b/source3/modules/vfs_expand_msdfs.c @@ -173,11 +173,17 @@ static int expand_msdfs_readlink(struct vfs_handle_struct *handle, TALLOC_CTX *ctx = talloc_tos(); int result; char *target = TALLOC_ARRAY(ctx, char, PATH_MAX+1); + size_t len; if (!target) { errno = ENOMEM; return -1; } + if (bufsiz == 0) { + errno = EINVAL; + return -1; + } + result = SMB_VFS_NEXT_READLINK(handle, path, target, PATH_MAX); @@ -186,7 +192,7 @@ static int expand_msdfs_readlink(struct vfs_handle_struct *handle, target[result] = '\0'; - if ((strncmp(target, "msdfs:", strlen("msdfs:")) == 0) && + if ((strncmp(target, "msdfs:", 6) == 0) && (strchr_m(target, '@') != NULL)) { target = expand_msdfs_target(ctx, handle->conn, target); if (!target) { @@ -195,8 +201,15 @@ static int expand_msdfs_readlink(struct vfs_handle_struct *handle, } } - safe_strcpy(buf, target, bufsiz-1); - return strlen(buf); + len = MIN(bufsiz, strlen(target)); + if (len) { + memcpy(buf, target, len); + } else { + errno = ENOENT; + return -1; + } + TALLOC_FREE(target); + return len; } static struct vfs_fn_pointers vfs_expand_msdfs_fns = { |