diff options
| author | Andrew Tridgell <tridge@samba.org> | 2002-04-16 06:15:28 +0000 |
|---|---|---|
| committer | Andrew Tridgell <tridge@samba.org> | 2002-04-16 06:15:28 +0000 |
| commit | e7b729e0d9d6264e85be042b16aa6aee0648fcfd (patch) | |
| tree | 8afa07d1e9341ee1fd701ec0d1bbdb7a5dab8d12 /source3/smbd/srvstr.c | |
| parent | a95d731fa496db9bf4f8173b0661fe080c1bcaed (diff) | |
| download | samba-e7b729e0d9d6264e85be042b16aa6aee0648fcfd.tar.gz samba-e7b729e0d9d6264e85be042b16aa6aee0648fcfd.tar.bz2 samba-e7b729e0d9d6264e85be042b16aa6aee0648fcfd.zip | |
make sure we don't walk past the end of the current SMB buffer when
pulling a string
this might explain a serious filename corruption bug that Quantum QA spotted
(This used to be commit a877eae24becad9e0cd5b33ffe0916a20d5ba227)
Diffstat (limited to 'source3/smbd/srvstr.c')
| -rw-r--r-- | source3/smbd/srvstr.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/source3/smbd/srvstr.c b/source3/smbd/srvstr.c index 90da422f13..36fecf5bd2 100644 --- a/source3/smbd/srvstr.c +++ b/source3/smbd/srvstr.c @@ -30,3 +30,12 @@ int srvstr_pull(void *base_ptr, char *dest, const void *src, int dest_len, int s { return pull_string(base_ptr, dest, src, dest_len, src_len, flags); } + +/* pull a string from the smb_buf part of a packet. In this case the + string can either be null terminated or it can be terminated by the + end of the smbbuf area +*/ +int srvstr_pull_buf(void *inbuf, char *dest, const void *src, int dest_len, int flags) +{ + return pull_string(inbuf, dest, src, dest_len, smb_bufrem(inbuf, src), flags); +} |