diff options
author | Jeremy Allison <jra@samba.org> | 2011-05-03 13:49:28 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2011-05-04 12:12:14 -0700 |
commit | 265338c194ceab2520ed1df0f64b62e7169406dd (patch) | |
tree | d9555db14c036b5f3c944949b500c18e8d10b076 /source3 | |
parent | 5fa6f390d1a4bdd3c82ced271e4db6c7241194f6 (diff) | |
download | samba-265338c194ceab2520ed1df0f64b62e7169406dd.tar.gz samba-265338c194ceab2520ed1df0f64b62e7169406dd.tar.bz2 samba-265338c194ceab2520ed1df0f64b62e7169406dd.zip |
BUGFIX when converting from safe_strcpy to strlcpy.
We must have a blob legth > 0 in order to safely copy
the (possibly) 16 bytes + 1 byte zero character safely.
Diffstat (limited to 'source3')
-rw-r--r-- | source3/smbd/negprot.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index 6877ccc861..9f201b8bee 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -234,6 +234,10 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn) SAFE_FREE(host_princ_s); } + if (blob.length == 0 || blob.data == NULL) { + return data_blob_null; + } + blob_out = data_blob_talloc(ctx, NULL, 16 + blob.length); if (blob_out.data == NULL) { data_blob_free(&blob); @@ -245,7 +249,7 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn) checked_strlcpy(unix_name, global_myname(), sizeof(unix_name)); strlower_m(unix_name); push_ascii_nstring(dos_name, unix_name); - safe_strcpy((char *)blob_out.data, dos_name, 16); + strlcpy((char *)blob_out.data, dos_name, 17); #ifdef DEVELOPER /* Fix valgrind 'uninitialized bytes' issue. */ |