summaryrefslogtreecommitdiff
path: root/source3/locking
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2003-02-24 01:13:31 +0000
committerAndrew Bartlett <abartlet@samba.org>2003-02-24 01:13:31 +0000
commite68684aa65b579081163c175d681b7867a0828bf (patch)
treea6306ed4e60f86159a2b62a886be62d8273348cc /source3/locking
parentbd0bbde1bba4ad4e6e95f269912943d9d583dce4 (diff)
downloadsamba-e68684aa65b579081163c175d681b7867a0828bf.tar.gz
samba-e68684aa65b579081163c175d681b7867a0828bf.tar.bz2
samba-e68684aa65b579081163c175d681b7867a0828bf.zip
Fix 2 off-by-one bugs in the use of malloc()ed strings and safe_strcpy().
safe_strcpy() isn't particularly safe (this has been noted before) as it does not take the size of the buffer, but instead the size of the buffer *minus 1* The locking.c fix was causing segfaults on machines running with --enable-developer, and was tracked down thanks to the fact that vance's build farm machine runs with such an option, and smbtorture's DIR1 test hits this bug very well. (The --enable-developer code writes to the last byte of the string, to check for incorrect use of safe_strcpy()). Andrew Bartlett (This used to be commit e908fd164d1b11b6f76a6fdffb22e139813cb3c0)
Diffstat (limited to 'source3/locking')
-rw-r--r--source3/locking/locking.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/source3/locking/locking.c b/source3/locking/locking.c
index d4794560f6..fdfd4d661c 100644
--- a/source3/locking/locking.c
+++ b/source3/locking/locking.c
@@ -630,7 +630,7 @@ BOOL set_share_mode(files_struct *fsp, uint16 port, uint16 op_type)
fsp->fsp_name ));
offset = sizeof(*data) + sizeof(share_mode_entry);
- safe_strcpy(p + offset, fname, size - offset);
+ safe_strcpy(p + offset, fname, size - offset - 1);
fill_share_mode(p + sizeof(*data), fsp, port, op_type);
dbuf.dptr = p;
dbuf.dsize = size;