From 21b083a647997549e8188c6fc0687fdecfaa4cb3 Mon Sep 17 00:00:00 2001
From: Günther Deschner
Date: Tue, 7 Apr 2009 01:10:41 +0200
Subject: s3-svcctl: Fix _svcctl_EnumServicesStatusW() crash bug on too small buffer.
Guenther
---
 source3/rpc_server/srv_svcctl_nt.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c
index 3ca85aa755..848cdc25d0 100644
--- a/source3/rpc_server/srv_svcctl_nt.c
+++ b/source3/rpc_server/srv_svcctl_nt.c
@@ -468,9 +468,11 @@ WERROR _svcctl_EnumServicesStatusW(pipes_struct *p,
 }
 blob = ndr_push_blob(ndr);
+ if (blob.length >= r->in.buf_size) {
+ memcpy(r->out.service, blob.data, r->in.buf_size);
+ }
 }
- r->out.service = blob.data;
 *r->out.bytes_needed = (buffer_size > r->in.buf_size) ? buffer_size : r->in.buf_size;
 *r->out.services_returned = (uint32)num_services;
 *r->out.resume_handle = 0x0;
-- cgit
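Review bot: The added guard `if (blob.length >= r->in.buf_size)` copies only when the marshalled blob is at least as large as the client's buffer, so when the blob is shorter than `r->in.buf_size` nothing is written to `r->out.service` at all. That keeps memcpy from reading past `blob.data`, but it appears to drop the reply data in the ordinary case where the result fits with room to spare. Copying the smaller of the two lengths bounds both the source and the destination: `size_t n = blob.length < r->in.buf_size ? blob.length : r->in.buf_size;` followed by `memcpy(r->out.service, blob.data, n);`. Whether `r->out.service` is allocated with `r->in.buf_size` bytes and zero-filled is not visible in this hunk; if it is not zeroed, any uncopied tail would go back to the client uninitialised, so that should be confirmed where the buffer is set up. The body of `_svcctl_EnumServicesStatusW` starts and ends outside the hunk.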