diff options
author | Jeremy Allison <jra@samba.org> | 2013-03-26 16:46:51 -0700 |
---|---|---|
committer | David Disseldorp <ddiss@samba.org> | 2013-04-02 20:06:38 +0200 |
commit | 43becd6f305bd5d21d886027d38a92d4dff22d75 (patch) | |
tree | bc4efe4353cd6552913f35dbe17af3abbea3170f | |
parent | 7bee3ef68490bb38942d717e03e203d00be32f9f (diff) | |
download | samba-43becd6f305bd5d21d886027d38a92d4dff22d75.tar.gz samba-43becd6f305bd5d21d886027d38a92d4dff22d75.tar.bz2 samba-43becd6f305bd5d21d886027d38a92d4dff22d75.zip |
Ensure we don't return uninitialized memory in the pad bytes.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@suse.de>
-rw-r--r-- | source3/smbd/trans2.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index b243af8f27..df6fe92c3a 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -480,6 +480,7 @@ static NTSTATUS fill_ea_chained_buffer(TALLOC_CTX *mem_ctx, size_t dos_namelen; fstring dos_ea_name; size_t this_size; + size_t pad = 0; if (last_start != NULL && do_store_data) { SIVAL(last_start, 0, PTR_DIFF(p, last_start)); @@ -498,7 +499,7 @@ static NTSTATUS fill_ea_chained_buffer(TALLOC_CTX *mem_ctx, this_size = 0x08 + dos_namelen + 1 + ea_list->ea.value.length; if (ea_list->next) { - size_t pad = 4 - (this_size % 4); + pad = 4 - (this_size % 4); this_size += pad; } @@ -514,6 +515,11 @@ static NTSTATUS fill_ea_chained_buffer(TALLOC_CTX *mem_ctx, SSVAL(p, 0x06, ea_list->ea.value.length); strlcpy((char *)(p+0x08), dos_ea_name, dos_namelen+1); memcpy(p + 0x08 + dos_namelen + 1, ea_list->ea.value.data, ea_list->ea.value.length); + if (pad) { + memset(p + 0x08 + dos_namelen + 1 + ea_list->ea.value.length, + '\0', + pad); + } total_data_size -= this_size; } |