author | Jeremy Allison <jra@samba.org> | 2003-04-10 19:08:45 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2003-04-10 19:08:45 +0000 |
commit | 2962bec1ab9d916928777f607334122ea4dbbaca (patch) | |
tree | cf1b67d7cbfe90b2078730a7ca25d75577337b0c | |
parent | 7c735eabc9c8277a13fd47bdb18b264e225672d1 (diff) | |
Fix from Andrew Esh to ensure tdb_pack can't segfault.
Jeremy.
(This used to be commit 9783929d4ed51e63bddde4b890caa01b737abe85)
-rw-r--r-- | source3/tdb/tdbutil.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/source3/tdb/tdbutil.c b/source3/tdb/tdbutil.c
index 0d8f6128cc..49005f8765 100644
--- a/source3/tdb/tdbutil.c
+++ b/source3/tdb/tdbutil.c
@@ -405,41 +405,41 @@ size_t tdb_pack(char *buf, int bufsize, const char *fmt, ...)
 case 'w':
 len = 2;
 w = (uint16)va_arg(ap, int);
- if (bufsize >= len)
+ if (bufsize && bufsize >= len)
 SSVAL(buf, 0, w);
 break;
 case 'd':
 len = 4;
 d = va_arg(ap, uint32);
- if (bufsize >= len)
+ if (bufsize && bufsize >= len)
 SIVAL(buf, 0, d);
 break;
 case 'p':
 len = 4;
 p = va_arg(ap, void *);
 d = p?1:0;
- if (bufsize >= len)
+ if (bufsize && bufsize >= len)
 SIVAL(buf, 0, d);
 break;
 case 'P':
 s = va_arg(ap,char *);
 w = strlen(s);
 len = w + 1;
- if (bufsize >= len)
+ if (bufsize && bufsize >= len)
 memcpy(buf, s, len);
 break;
 case 'f':
 s = va_arg(ap,char *);
 w = strlen(s);
 len = w + 1;
- if (bufsize >= len)
+ if (bufsize && bufsize >= len)
 memcpy(buf, s, len);
 break;
 case 'B':
 i = va_arg(ap, int);
 s = va_arg(ap, char *);
 len = 4+i;
- if (bufsize >= len) {
+ if (bufsize && bufsize >= len) {
 SIVAL(buf, 0, i);
 memcpy(buf+4, s, i);
 }
@@ -452,7 +452,10 @@ size_t tdb_pack(char *buf, int bufsize, const char *fmt, ...)
 }
 buf += len;
- bufsize -= len;
+ if (bufsize)
+ bufsize -= len;
+ if (bufsize < 0)
+ bufsize = 0;
 }
 va_end(ap); |
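Review bot: In the 'B' case of the first hunk the new guard still trusts the caller-supplied length: `i` comes from `va_arg(ap, int)` and `len = 4+i` is computed with no check that `i` is non-negative, so a negative `i` gives a small or negative `len` that passes `bufsize >= len`, and `memcpy(buf+4, s, i)` then converts it to a very large size. The same `len` reaches `bufsize -= len` in the second hunk, where a negative value makes the remaining-space count grow instead of shrink. I would reject the value before it is used, for example `if (i < 0 || i > INT_MAX - 4) { len = 0; break; }` ahead of `len = 4+i;`, or route it to whatever error path the function has. The declarations of `i` and `len` are outside the hunk, so their signedness is inferred from the `va_arg` type and from the `bufsize < 0` clamp.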
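Review bot: The added `if (bufsize)` / `if (bufsize < 0)` pair in the second hunk turns `bufsize == 0` into a sentinel meaning "nothing more may be written", and every `bufsize &&` test in the first hunk depends on it, but the code does not say so. A comment above the pair such as `/* bufsize == 0: no room left; keep advancing buf to count the length, but never write */` would keep a later edit from reintroducing the write. In that state the unchanged `buf += len` still moves `buf` past the end of the caller's buffer; how the return value is derived from it is outside the hunk, so it is worth confirming that the pointer is only used for arithmetic there.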