authorAndrew Tridgell <tridge@samba.org>1998-08-28 14:35:24 +0000
committerAndrew Tridgell <tridge@samba.org>1998-08-28 14:35:24 +0000
commitc077bce5c0f760dc918b0442346502ec96a92c1b (patch)
treedd21b2d4c19a29de253034219e25bcc680fe81ca /source3/nmbd
parentd0cfc1f04192bd22ce750e076d81d8be64504adc (diff)
nmbd would core dump if a large number of netbios aliases is set. The
problem was a buffer overflow in process_node_status_request(). This really points out a general problem with allocating MAX_DGRAM_SIZE packets on the stack in nmbd. There must be a better way. (This used to be commit 7db45f169c33e0f3a67ba2260049226992de8bdf)
Diffstat (limited to 'source3/nmbd')
-rw-r--r--source3/nmbd/nmbd_incomingrequests.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/source3/nmbd/nmbd_incomingrequests.c b/source3/nmbd/nmbd_incomingrequests.c
index 3c9438ace3..a3afbe827a 100644
--- a/source3/nmbd/nmbd_incomingrequests.c
+++ b/source3/nmbd/nmbd_incomingrequests.c
@@ -341,8 +341,9 @@ subnet %s - name not found.\n", namestr(&nmb->question.question_name),
return;
}
- /* XXXX hack, we should calculate exactly how many will fit. */
- bufend = &rdata[MAX_DGRAM_SIZE] - 18;
+ /* this is not an exact calculation. the 46 is for the stats buffer
+ and the 60 is to leave room for the header etc */
+ bufend = &rdata[MAX_DGRAM_SIZE] - (18 + 46 + 60);
countptr = buf = rdata;
buf += 1;
buf0 = buf;
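Review bot: The new limit on `bufend` is still a hand-estimated margin, as its own comment admits. The literals 18, 46 and 60 are not tied to the code that writes the name entries, the statistics block or the packet header, so a size change in any of them could silently bring the stack overflow back. Naming the sizes would make the reservation auditable, for example `bufend = &rdata[MAX_DGRAM_SIZE] - (NODE_STATUS_NAME_LEN + NODE_STATUS_STATS_LEN + NODE_STATUS_HDR_RESERVE);` (constant names are suggestions, not existing identifiers). It would also help to check the final `buf - rdata` length against the space the reply packet really has before sending. The loop that fills `rdata` and the code that appends the statistics lie outside this hunk, so it cannot be confirmed here that each entry is compared against `bufend` before it is written rather than after. The comment should also say which write each number protects, e.g. `/* 18 = one name entry, 46 = trailing statistics block, 60 = estimated NetBIOS header overhead */`.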