diff options
author | Andrew Tridgell <tridge@samba.org> | 1998-08-28 14:35:24 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 1998-08-28 14:35:24 +0000 |
commit | c077bce5c0f760dc918b0442346502ec96a92c1b (patch) | |
tree | dd21b2d4c19a29de253034219e25bcc680fe81ca /source3/nmbd | |
parent | d0cfc1f04192bd22ce750e076d81d8be64504adc (diff) | |
download | samba-c077bce5c0f760dc918b0442346502ec96a92c1b.tar.gz samba-c077bce5c0f760dc918b0442346502ec96a92c1b.tar.bz2 samba-c077bce5c0f760dc918b0442346502ec96a92c1b.zip |
nmbd would core dump if a large number of netbios aliases is set. The
problem was a buffer overflow in process_node_status_request().
this really points out a general problem is allocating MAX_DGRAM_SIZE
packets on the stack in nmbd. There must be a better way.
(This used to be commit 7db45f169c33e0f3a67ba2260049226992de8bdf)
Diffstat (limited to 'source3/nmbd')
-rw-r--r-- | source3/nmbd/nmbd_incomingrequests.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/source3/nmbd/nmbd_incomingrequests.c b/source3/nmbd/nmbd_incomingrequests.c index 3c9438ace3..a3afbe827a 100644 --- a/source3/nmbd/nmbd_incomingrequests.c +++ b/source3/nmbd/nmbd_incomingrequests.c @@ -341,8 +341,9 @@ subnet %s - name not found.\n", namestr(&nmb->question.question_name), return; } - /* XXXX hack, we should calculate exactly how many will fit. */ - bufend = &rdata[MAX_DGRAM_SIZE] - 18; + /* this is not an exact calculation. the 46 is for the stats buffer + and the 60 is to leave room for the header etc */ + bufend = &rdata[MAX_DGRAM_SIZE] - (18 + 46 + 60); countptr = buf = rdata; buf += 1; buf0 = buf; |