From 2962bec1ab9d916928777f607334122ea4dbbaca Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 10 Apr 2003 19:08:45 +0000 Subject: Fix from Andrew Esh to ensure tdb_pack can't segfault. Jeremy. (This used to be commit 9783929d4ed51e63bddde4b890caa01b737abe85) --- source3/tdb/tdbutil.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/source3/tdb/tdbutil.c b/source3/tdb/tdbutil.c index 0d8f6128cc..49005f8765 100644 --- a/source3/tdb/tdbutil.c +++ b/source3/tdb/tdbutil.c @@ -405,41 +405,41 @@ size_t tdb_pack(char *buf, int bufsize, const char *fmt, ...) case 'w': len = 2; w = (uint16)va_arg(ap, int); - if (bufsize >= len) + if (bufsize && bufsize >= len) SSVAL(buf, 0, w); break; case 'd': len = 4; d = va_arg(ap, uint32); - if (bufsize >= len) + if (bufsize && bufsize >= len) SIVAL(buf, 0, d); break; case 'p': len = 4; p = va_arg(ap, void *); d = p?1:0; - if (bufsize >= len) + if (bufsize && bufsize >= len) SIVAL(buf, 0, d); break; case 'P': s = va_arg(ap,char *); w = strlen(s); len = w + 1; - if (bufsize >= len) + if (bufsize && bufsize >= len) memcpy(buf, s, len); break; case 'f': s = va_arg(ap,char *); w = strlen(s); len = w + 1; - if (bufsize >= len) + if (bufsize && bufsize >= len) memcpy(buf, s, len); break; case 'B': i = va_arg(ap, int); s = va_arg(ap, char *); len = 4+i; - if (bufsize >= len) { + if (bufsize && bufsize >= len) { SIVAL(buf, 0, i); memcpy(buf+4, s, i); } @@ -452,7 +452,10 @@ size_t tdb_pack(char *buf, int bufsize, const char *fmt, ...) } buf += len; - bufsize -= len; + if (bufsize) + bufsize -= len; + if (bufsize < 0) + bufsize = 0; } va_end(ap); -- cgit