nmbd would core dump if a large number of netbios aliases is set. The

problem was a buffer overflow in process_node_status_request(). this really points out a general problem is allocating MAX_DGRAM_SIZE packets on the stack in nmbd. There must be a better way. (This used to be commit 7db45f169c33e0f3a67ba2260049226992de8bdf)
author: Andrew Tridgell <tridge@samba.org> 1998-08-28 14:35:24 +0000
committer: Andrew Tridgell <tridge@samba.org> 1998-08-28 14:35:24 +0000
commit: c077bce5c0f760dc918b0442346502ec96a92c1b (patch)
tree: dd21b2d4c19a29de253034219e25bcc680fe81ca /source3
parent: d0cfc1f04192bd22ce750e076d81d8be64504adc (diff)
download: samba-c077bce5c0f760dc918b0442346502ec96a92c1b.tar.gz
samba-c077bce5c0f760dc918b0442346502ec96a92c1b.tar.bz2
samba-c077bce5c0f760dc918b0442346502ec96a92c1b.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/source3/nmbd/nmbd_incomingrequests.c b/source3/nmbd/nmbd_incomingrequests.c
index 3c9438ace3..a3afbe827a 100644
--- a/source3/nmbd/nmbd_incomingrequests.c
+++ b/source3/nmbd/nmbd_incomingrequests.c
@@ -341,8 +341,9 @@ subnet %s - name not found.\n", namestr(&nmb->question.question_name),
     return;
   }
  
-  /* XXXX hack, we should calculate exactly how many will fit. */
-  bufend = &rdata[MAX_DGRAM_SIZE] - 18;
+  /* this is not an exact calculation. the 46 is for the stats buffer
+     and the 60 is to leave room for the header etc */
+  bufend = &rdata[MAX_DGRAM_SIZE] - (18 + 46 + 60);
   countptr = buf = rdata;
   buf += 1;
   buf0 = buf;
author	Andrew Tridgell <tridge@samba.org>	1998-08-28 14:35:24 +0000
committer	Andrew Tridgell <tridge@samba.org>	1998-08-28 14:35:24 +0000
commit	c077bce5c0f760dc918b0442346502ec96a92c1b (patch)
tree	dd21b2d4c19a29de253034219e25bcc680fe81ca /source3
parent	d0cfc1f04192bd22ce750e076d81d8be64504adc (diff)
download	samba-c077bce5c0f760dc918b0442346502ec96a92c1b.tar.gz samba-c077bce5c0f760dc918b0442346502ec96a92c1b.tar.bz2 samba-c077bce5c0f760dc918b0442346502ec96a92c1b.zip