From 61b5fd6f32e9ccb612df1354a3e3b3bed5f2b808 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Mon, 31 Aug 1998 03:11:42 +0000
Subject: bounds check next_token() to prevent possible buffer overflows (This
 used to be commit 3eade55dc7c842bdc50205c330802d211fae54d3)

---
 source3/rpc_server/srv_util.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'source3/rpc_server/srv_util.c')

diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 6c47db04bf..0a7728aa3a 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -137,7 +137,9 @@ int make_dom_gids(char *gids_str, DOM_GID **ppgids)
   if (gids_str == NULL || *gids_str == 0)
     return 0;
 
-  for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL); count++)
+  for (count = 0, ptr = gids_str; 
+       next_token(&ptr, s2, NULL, sizeof(s2)); 
+       count++)
     ;
 
   gids = (DOM_GID *)malloc( sizeof(DOM_GID) * count );
@@ -147,8 +149,10 @@ int make_dom_gids(char *gids_str, DOM_GID **ppgids)
     return 0;
   }
 
-  for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL) && 
-                       count < LSA_MAX_GROUPS; count++) 
+  for (count = 0, ptr = gids_str; 
+       next_token(&ptr, s2, NULL, sizeof(s2)) && 
+	       count < LSA_MAX_GROUPS; 
+       count++) 
   {
     /* the entries are of the form GID/ATTR, ATTR being optional.*/
     char *attr;
-- 
cgit