summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2011-05-03 13:49:28 -0700
committerJeremy Allison <jra@samba.org>2011-05-04 12:12:14 -0700
commit265338c194ceab2520ed1df0f64b62e7169406dd (patch)
treed9555db14c036b5f3c944949b500c18e8d10b076 /source3/smbd
parent5fa6f390d1a4bdd3c82ced271e4db6c7241194f6 (diff)
downloadsamba-265338c194ceab2520ed1df0f64b62e7169406dd.tar.gz
samba-265338c194ceab2520ed1df0f64b62e7169406dd.tar.bz2
samba-265338c194ceab2520ed1df0f64b62e7169406dd.zip
BUGFIX when converting from safe_strcpy to strlcpy.
We must have a blob legth > 0 in order to safely copy the (possibly) 16 bytes + 1 byte zero character safely.
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/negprot.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 6877ccc861..9f201b8bee 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -234,6 +234,10 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
SAFE_FREE(host_princ_s);
}
+ if (blob.length == 0 || blob.data == NULL) {
+ return data_blob_null;
+ }
+
blob_out = data_blob_talloc(ctx, NULL, 16 + blob.length);
if (blob_out.data == NULL) {
data_blob_free(&blob);
@@ -245,7 +249,7 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
checked_strlcpy(unix_name, global_myname(), sizeof(unix_name));
strlower_m(unix_name);
push_ascii_nstring(dos_name, unix_name);
- safe_strcpy((char *)blob_out.data, dos_name, 16);
+ strlcpy((char *)blob_out.data, dos_name, 17);
#ifdef DEVELOPER
/* Fix valgrind 'uninitialized bytes' issue. */