summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2010-02-02 16:43:41 -0800
committerJeremy Allison <jra@samba.org>2010-02-02 16:43:41 -0800
commitde24209f0a745ada4220a1751c4ed88ae6eea575 (patch)
treebb47834ec59fe29d66fc67980c1ad784fb8bf302
parent110a6f29f0d130753419d5fc5c7b238ab30822ec (diff)
downloadsamba-de24209f0a745ada4220a1751c4ed88ae6eea575.tar.gz
samba-de24209f0a745ada4220a1751c4ed88ae6eea575.tar.bz2
samba-de24209f0a745ada4220a1751c4ed88ae6eea575.zip
Fix bug 7081 - vfs_expand_msdfs doesn't work correctly (with fix identified)
Fix inspired by idea from Eric Horst <erich@cac.washington.edu>. Jeremy.
-rw-r--r--source3/modules/vfs_expand_msdfs.c19
1 files changed, 16 insertions, 3 deletions
diff --git a/source3/modules/vfs_expand_msdfs.c b/source3/modules/vfs_expand_msdfs.c
index 9edd0f6caf..177ebdb928 100644
--- a/source3/modules/vfs_expand_msdfs.c
+++ b/source3/modules/vfs_expand_msdfs.c
@@ -173,11 +173,17 @@ static int expand_msdfs_readlink(struct vfs_handle_struct *handle,
TALLOC_CTX *ctx = talloc_tos();
int result;
char *target = TALLOC_ARRAY(ctx, char, PATH_MAX+1);
+ size_t len;
if (!target) {
errno = ENOMEM;
return -1;
}
+ if (bufsiz == 0) {
+ errno = EINVAL;
+ return -1;
+ }
+
result = SMB_VFS_NEXT_READLINK(handle, path, target,
PATH_MAX);
@@ -186,7 +192,7 @@ static int expand_msdfs_readlink(struct vfs_handle_struct *handle,
target[result] = '\0';
- if ((strncmp(target, "msdfs:", strlen("msdfs:")) == 0) &&
+ if ((strncmp(target, "msdfs:", 6) == 0) &&
(strchr_m(target, '@') != NULL)) {
target = expand_msdfs_target(ctx, handle->conn, target);
if (!target) {
@@ -195,8 +201,15 @@ static int expand_msdfs_readlink(struct vfs_handle_struct *handle,
}
}
- safe_strcpy(buf, target, bufsiz-1);
- return strlen(buf);
+ len = MIN(bufsiz, strlen(target));
+ if (len) {
+ memcpy(buf, target, len);
+ } else {
+ errno = ENOENT;
+ return -1;
+ }
+ TALLOC_FREE(target);
+ return len;
}
static struct vfs_fn_pointers vfs_expand_msdfs_fns = {