From b58ebd10dee6e779fb4b977a7f55db1b23001564 Mon Sep 17 00:00:00 2001
From: Tim Potter <tpot@samba.org>
Date: Fri, 28 Jul 2000 06:27:32 +0000
Subject: Fixed read overrun in init_string2() (This used to be commit
 4ab75143c4466ad0ea8443512dd5ade449d72462)

---
 source3/rpc_parse/parse_misc.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'source3/rpc_parse/parse_misc.c')

diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c
index 2a642e1cec..276e66a113 100644
--- a/source3/rpc_parse/parse_misc.c
+++ b/source3/rpc_parse/parse_misc.c
@@ -775,6 +775,8 @@ void copy_unistr2(UNISTR2 *str, UNISTR2 *from)
 
 void init_string2(STRING2 *str, char *buf, int len)
 {
+	int alloc_len = 0;
+
 	/* set up string lengths. */
 	str->str_max_len = len;
 	str->undoc       = 0;
@@ -786,8 +788,8 @@ void init_string2(STRING2 *str, char *buf, int len)
 			parse_misc_talloc = talloc_init();
 
 		if (len < MAX_STRINGLEN)
-			len = MAX_STRINGLEN;
-		str->buffer = talloc(parse_misc_talloc, len);
+			alloc_len = MAX_STRINGLEN;
+		str->buffer = talloc(parse_misc_talloc, alloc_len);
 		if (str->buffer == NULL)
 			smb_panic("init_string2: malloc fail\n");
 		memcpy(str->buffer, buf, len);
-- 
cgit