From 6442b0fcc1931c9b41dd66b3450a216f673d4fe2 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 28 Jan 2010 18:58:23 +0100 Subject: libcli/nbt: fix off-by-one bug in ndr_pull_wrepl_nbt_name() The scope starts at byte 17 with index 16. metze --- libcli/nbt/nbtname.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'libcli/nbt/nbtname.c') diff --git a/libcli/nbt/nbtname.c b/libcli/nbt/nbtname.c index 1650ff96ae..792b340618 100644 --- a/libcli/nbt/nbtname.c +++ b/libcli/nbt/nbtname.c @@ -558,8 +558,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_wrepl_nbt_name(struct ndr_pull *ndr, int ndr r->name = talloc_strdup(r, (char *)namebuf); if (!r->name) return ndr_pull_error(ndr, NDR_ERR_ALLOC, "out of memory"); - if (namebuf_len > 18) { - r->scope = talloc_strndup(r, (char *)(namebuf+17), namebuf_len-17); + if (namebuf_len > 17) { + r->scope = talloc_strndup(r, (char *)(namebuf+16), namebuf_len-17); if (!r->scope) return ndr_pull_error(ndr, NDR_ERR_ALLOC, "out of memory"); } else { r->scope = NULL; -- cgit