From 819c15449882a0c08689a4565bf0b31f756f05bd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 17 May 2000 19:17:16 +0000 Subject: Fixed bug I introduced last night (sorry). Now truncate incoming prs_struct buffer size to exact size of incoming data to prevent read overruns into slop space. Jeremy. (This used to be commit aa1a4f46da9584240cd6cee6fb652aa73e77015c) --- source3/rpc_server/srv_pipe_hnd.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source3/rpc_server') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index f19aed1886..a349da839a 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -475,6 +475,13 @@ authentication failed. Denying the request.\n", p->name)); * Call the rpc command to process it. */ + /* + * Ensure the internal prs buffer size is *exactly* the same + * size as the current offset. + */ + + prs_set_buffer_size(&p->in_data.data, prs_offset(&p->in_data.data)); + /* * Set the parse offset to the start of the data and set the * prs_struct to UNMARSHALL. -- cgit