summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTim Potter <tpot@samba.org>2000-07-28 06:27:32 +0000
committerTim Potter <tpot@samba.org>2000-07-28 06:27:32 +0000
commitb58ebd10dee6e779fb4b977a7f55db1b23001564 (patch)
treeb77606ef054ff183be1eb8949bffb1097359498e
parent3cc9e1a6a7c27da971ef9f3be7a21b1f7e671c15 (diff)
downloadsamba-b58ebd10dee6e779fb4b977a7f55db1b23001564.tar.gz
samba-b58ebd10dee6e779fb4b977a7f55db1b23001564.tar.bz2
samba-b58ebd10dee6e779fb4b977a7f55db1b23001564.zip
Fixed read overrun in init_string2()
(This used to be commit 4ab75143c4466ad0ea8443512dd5ade449d72462)
-rw-r--r--source3/rpc_parse/parse_misc.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c
index 2a642e1cec..276e66a113 100644
--- a/source3/rpc_parse/parse_misc.c
+++ b/source3/rpc_parse/parse_misc.c
@@ -775,6 +775,8 @@ void copy_unistr2(UNISTR2 *str, UNISTR2 *from)
void init_string2(STRING2 *str, char *buf, int len)
{
+ int alloc_len = 0;
+
/* set up string lengths. */
str->str_max_len = len;
str->undoc = 0;
@@ -786,8 +788,8 @@ void init_string2(STRING2 *str, char *buf, int len)
parse_misc_talloc = talloc_init();
if (len < MAX_STRINGLEN)
- len = MAX_STRINGLEN;
- str->buffer = talloc(parse_misc_talloc, len);
+ alloc_len = MAX_STRINGLEN;
+ str->buffer = talloc(parse_misc_talloc, alloc_len);
if (str->buffer == NULL)
smb_panic("init_string2: malloc fail\n");
memcpy(str->buffer, buf, len);