diff options
| author | Andrew Tridgell <tridge@samba.org> | 1998-08-31 03:11:42 +0000 |
|---|---|---|
| committer | Andrew Tridgell <tridge@samba.org> | 1998-08-31 03:11:42 +0000 |
| commit | 61b5fd6f32e9ccb612df1354a3e3b3bed5f2b808 (patch) | |
| tree | 06d72234112a52e30d5b72e367e42efc43e9762f /source3/rpc_server | |
| parent | ab4577f141b0c08a543d998a36892bbafae4e902 (diff) | |
| download | samba-61b5fd6f32e9ccb612df1354a3e3b3bed5f2b808.tar.gz samba-61b5fd6f32e9ccb612df1354a3e3b3bed5f2b808.tar.bz2 samba-61b5fd6f32e9ccb612df1354a3e3b3bed5f2b808.zip | |
bounds check next_token() to prevent possible buffer overflows
(This used to be commit 3eade55dc7c842bdc50205c330802d211fae54d3)
Diffstat (limited to 'source3/rpc_server')
| -rw-r--r-- | source3/rpc_server/srv_util.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c index 6c47db04bf..0a7728aa3a 100644 --- a/source3/rpc_server/srv_util.c +++ b/source3/rpc_server/srv_util.c @@ -137,7 +137,9 @@ int make_dom_gids(char *gids_str, DOM_GID **ppgids) if (gids_str == NULL || *gids_str == 0) return 0; - for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL); count++) + for (count = 0, ptr = gids_str; + next_token(&ptr, s2, NULL, sizeof(s2)); + count++) ; gids = (DOM_GID *)malloc( sizeof(DOM_GID) * count ); @@ -147,8 +149,10 @@ int make_dom_gids(char *gids_str, DOM_GID **ppgids) return 0; } - for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL) && - count < LSA_MAX_GROUPS; count++) + for (count = 0, ptr = gids_str; + next_token(&ptr, s2, NULL, sizeof(s2)) && + count < LSA_MAX_GROUPS; + count++) { /* the entries are of the form GID/ATTR, ATTR being optional.*/ char *attr; |