authorAndrew Tridgell <tridge@samba.org>2002-04-16 06:15:28 +0000
committerAndrew Tridgell <tridge@samba.org>2002-04-16 06:15:28 +0000
commite7b729e0d9d6264e85be042b16aa6aee0648fcfd (patch)
tree8afa07d1e9341ee1fd701ec0d1bbdb7a5dab8d12 /source3/smbd/srvstr.c
parenta95d731fa496db9bf4f8173b0661fe080c1bcaed (diff)
make sure we don't walk past the end of the current SMB buffer when
pulling a string. This might explain a serious filename corruption bug that Quantum QA spotted. (This used to be commit a877eae24becad9e0cd5b33ffe0916a20d5ba227)
Diffstat (limited to 'source3/smbd/srvstr.c')
-rw-r--r--source3/smbd/srvstr.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/source3/smbd/srvstr.c b/source3/smbd/srvstr.c
index 90da422f13..36fecf5bd2 100644
--- a/source3/smbd/srvstr.c
+++ b/source3/smbd/srvstr.c
@@ -30,3 +30,12 @@ int srvstr_pull(void *base_ptr, char *dest, const void *src, int dest_len, int s
{
return pull_string(base_ptr, dest, src, dest_len, src_len, flags);
}
+
+/* pull a string from the smb_buf part of a packet. In this case the
+ string can either be null terminated or it can be terminated by the
+ end of the smbbuf area
+*/
+int srvstr_pull_buf(void *inbuf, char *dest, const void *src, int dest_len, int flags)
+{
+ return pull_string(inbuf, dest, src, dest_len, smb_bufrem(inbuf, src), flags);
+}