From b510e5e6c4332356067331c7afff47f7dbf587fc Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Tue, 19 Feb 2013 09:23:53 +0100 Subject: pdb: Fix array overrun by one. Reviewed-by: Alexander Bokovoy --- source3/passdb/pdb_smbpasswd.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'source3/passdb') diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c index 0703ea4607..83785c68a1 100644 --- a/source3/passdb/pdb_smbpasswd.c +++ b/source3/passdb/pdb_smbpasswd.c @@ -737,7 +737,8 @@ static bool mod_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, con fstring user_name; char *status; - char linebuf[256]; +#define LINEBUF_SIZE 255 + char linebuf[LINEBUF_SIZE + 1]; char readbuf[1024]; int c; fstring ascii_p16; @@ -792,7 +793,7 @@ static bool mod_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, con linebuf[0] = '\0'; - status = fgets(linebuf, sizeof(linebuf), fp); + status = fgets(linebuf, LINEBUF_SIZE, fp); if (status == NULL && ferror(fp)) { pw_file_unlock(lockfd, &smbpasswd_state->pw_file_lock_depth); fclose(fp); @@ -1021,7 +1022,7 @@ This is no longer supported.!\n", pwd->smb_name)); dump_data(100, (uint8 *)ascii_p16, wr_len); #endif - if(wr_len > sizeof(linebuf)) { + if(wr_len > LINEBUF_SIZE) { DEBUG(0, ("mod_smbfilepwd_entry: line to write (%d) is too long.\n", wr_len+1)); pw_file_unlock(lockfd,&smbpasswd_state->pw_file_lock_depth); fclose(fp); -- cgit