From c077bce5c0f760dc918b0442346502ec96a92c1b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 28 Aug 1998 14:35:24 +0000 Subject: nmbd would core dump if a large number of netbios aliases is set. The problem was a buffer overflow in process_node_status_request(). this really points out a general problem is allocating MAX_DGRAM_SIZE packets on the stack in nmbd. There must be a better way. (This used to be commit 7db45f169c33e0f3a67ba2260049226992de8bdf) --- source3/nmbd/nmbd_incomingrequests.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source3/nmbd') diff --git a/source3/nmbd/nmbd_incomingrequests.c b/source3/nmbd/nmbd_incomingrequests.c index 3c9438ace3..a3afbe827a 100644 --- a/source3/nmbd/nmbd_incomingrequests.c +++ b/source3/nmbd/nmbd_incomingrequests.c @@ -341,8 +341,9 @@ subnet %s - name not found.\n", namestr(&nmb->question.question_name), return; } - /* XXXX hack, we should calculate exactly how many will fit. */ - bufend = &rdata[MAX_DGRAM_SIZE] - 18; + /* this is not an exact calculation. the 46 is for the stats buffer + and the 60 is to leave room for the header etc */ + bufend = &rdata[MAX_DGRAM_SIZE] - (18 + 46 + 60); countptr = buf = rdata; buf += 1; buf0 = buf; -- cgit