diff options
| author | Andrew Tridgell <tridge@samba.org> | 2004-02-02 12:09:35 +0000 |
|---|---|---|
| committer | Andrew Tridgell <tridge@samba.org> | 2004-02-02 12:09:35 +0000 |
| commit | 7847b611acff4ed2453aaacdd1455ceaf84bb431 (patch) | |
| tree | 807e0ee09664b7cd806743aad32db2cc3eba8631 | |
| parent | 423ad9097448e5a07ba26172302450ae7165d85a (diff) | |
| download | samba-7847b611acff4ed2453aaacdd1455ceaf84bb431.tar.gz samba-7847b611acff4ed2453aaacdd1455ceaf84bb431.tar.bz2 samba-7847b611acff4ed2453aaacdd1455ceaf84bb431.zip | |
there are places in the samba3 code that don't check properly for
packet-termination of strings. This change ensures that when we go
past the end of a packet we hit 2 null bytes, thus terminating. We are
relying on the SAFETY_MARGIN packet allocation stuff here.
(This used to be commit 655ec168288159f5c0961ed8cbdd84c4e14eab26)
| -rw-r--r-- | source3/lib/util_sock.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c index 328ca92727..5eb9c18b60 100644 --- a/source3/lib/util_sock.c +++ b/source3/lib/util_sock.c @@ -552,6 +552,10 @@ BOOL receive_smb_raw(int fd,char *buffer, unsigned int timeout) smb_read_error = READ_ERROR; return False; } + + /* not all of samba3 properly checks for packet-termination of strings. This + ensures that we don't run off into empty space. */ + SSVAL(buffer+4,len, 0); } return True; |