summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>1998-03-27 02:39:26 +0000
committerJeremy Allison <jra@samba.org>1998-03-27 02:39:26 +0000
commitf52bb48748cf330d8d9a9c6350f53e84e4adaece (patch)
treedf876fba511c1f443c6d7700332b1e92062dc117 /source3/smbd
parent6cd35ce945a0ff3e9c787ec12ef81161a6aecbe4 (diff)
downloadsamba-f52bb48748cf330d8d9a9c6350f53e84e4adaece.tar.gz
samba-f52bb48748cf330d8d9a9c6350f53e84e4adaece.tar.bz2
samba-f52bb48748cf330d8d9a9c6350f53e84e4adaece.zip
Fix for client generated core-dump bug where offset to readraw
was so large that when used with -DUSE_MMAP it caused the unsigned subtraction to wrap aound and become positive - thus causing a silly memcpy offset. Thanks to "Michael St. Laurent" <rowl@earthlink.net> for giving me the core dump that allowed me to track this one down. Jeremy. (This used to be commit c9e066037ab222472085c4a0ecc8a39b337ad2aa)
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/server.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 08cf013920..39580d008d 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -2058,7 +2058,8 @@ int read_file(int fnum,char *data,uint32 pos,int n)
#if USE_MMAP
if (Files[fnum].mmap_ptr)
{
- int num = MIN(n,(int)(Files[fnum].mmap_size-pos));
+ int num = (Files[fnum].mmap_size > pos) ? (Files[fnum].mmap_size - pos) : -1;
+ num = MIN(n,num);
if (num > 0)
{
memcpy(data,Files[fnum].mmap_ptr+pos,num);