authorJeremy Allison <jra@samba.org>2013-03-26 16:46:51 -0700
committerDavid Disseldorp <ddiss@samba.org>2013-04-02 20:06:38 +0200
commit43becd6f305bd5d21d886027d38a92d4dff22d75 (patch)
treebc4efe4353cd6552913f35dbe17af3abbea3170f
parent7bee3ef68490bb38942d717e03e203d00be32f9f (diff)
Ensure we don't return uninitialized memory in the pad bytes.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@suse.de>
-rw-r--r--source3/smbd/trans2.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index b243af8f27..df6fe92c3a 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -480,6 +480,7 @@ static NTSTATUS fill_ea_chained_buffer(TALLOC_CTX *mem_ctx,
size_t dos_namelen;
fstring dos_ea_name;
size_t this_size;
+ size_t pad = 0;
if (last_start != NULL && do_store_data) {
SIVAL(last_start, 0, PTR_DIFF(p, last_start));
@@ -498,7 +499,7 @@ static NTSTATUS fill_ea_chained_buffer(TALLOC_CTX *mem_ctx,
this_size = 0x08 + dos_namelen + 1 + ea_list->ea.value.length;
if (ea_list->next) {
- size_t pad = 4 - (this_size % 4);
+ pad = 4 - (this_size % 4);
this_size += pad;
}
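Review bot: `pad = 4 - (this_size % 4);` evaluates to 4, not 0, when this_size is already a multiple of four, so an aligned entry gains four extra bytes that the new memset then zeroes and that are subtracted from total_data_size. If the intent is only to round up to the next 4-byte boundary, `pad = (4 - (this_size % 4)) % 4;` yields 0 in the aligned case. The arithmetic predates this commit, but now that pad also drives a write it is worth settling here. The body of fill_ea_chained_buffer starts and ends outside this hunk.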
@@ -514,6 +515,11 @@ static NTSTATUS fill_ea_chained_buffer(TALLOC_CTX *mem_ctx,
SSVAL(p, 0x06, ea_list->ea.value.length);
strlcpy((char *)(p+0x08), dos_ea_name, dos_namelen+1);
memcpy(p + 0x08 + dos_namelen + 1, ea_list->ea.value.data, ea_list->ea.value.length);
+ if (pad) {
+ memset(p + 0x08 + dos_namelen + 1 + ea_list->ea.value.length,
+ '\0',
+ pad);
+ }
total_data_size -= this_size;
}
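Review bot: The `if (pad)` block writes pad bytes past the end of the EA value, and nothing in this hunk shows that `this_size` (which includes pad) has been checked against `total_data_size` before the stores; presumably that check sits between the second and third hunks, but it should be confirmed. The block should also say why it exists, for example `/* Zero the alignment padding so stale buffer contents are never sent to the client. */` above the `if`. The memset is only correct if `pad` is reset to 0 for every entry, which depends on the `size_t pad = 0;` declaration from the first hunk being inside the per-entry loop; the loop header is not visible here.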