diff options
author | Jeremy Allison <jra@samba.org> | 1998-03-27 02:39:26 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 1998-03-27 02:39:26 +0000 |
commit | f52bb48748cf330d8d9a9c6350f53e84e4adaece (patch) | |
tree | df876fba511c1f443c6d7700332b1e92062dc117 | |
parent | 6cd35ce945a0ff3e9c787ec12ef81161a6aecbe4 (diff) | |
download | samba-f52bb48748cf330d8d9a9c6350f53e84e4adaece.tar.gz samba-f52bb48748cf330d8d9a9c6350f53e84e4adaece.tar.bz2 samba-f52bb48748cf330d8d9a9c6350f53e84e4adaece.zip |
Fix for client generated core-dump bug where offset to readraw
was so large that when used with -DUSE_MMAP it caused the unsigned
subtraction to wrap aound and become positive - thus causing
a silly memcpy offset. Thanks to "Michael St. Laurent" <rowl@earthlink.net>
for giving me the core dump that allowed me to track this one
down.
Jeremy.
(This used to be commit c9e066037ab222472085c4a0ecc8a39b337ad2aa)
-rw-r--r-- | source3/smbd/server.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 08cf013920..39580d008d 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -2058,7 +2058,8 @@ int read_file(int fnum,char *data,uint32 pos,int n) #if USE_MMAP if (Files[fnum].mmap_ptr) { - int num = MIN(n,(int)(Files[fnum].mmap_size-pos)); + int num = (Files[fnum].mmap_size > pos) ? (Files[fnum].mmap_size - pos) : -1; + num = MIN(n,num); if (num > 0) { memcpy(data,Files[fnum].mmap_ptr+pos,num); |