From fa302020ee39bf39bf324983cf8e381232691e76 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 14 Apr 2009 12:08:55 +0200 Subject: s3-svcctl: fix memcpy in _svcctl_EnumServicesStatusW(). Make sure we are not copying more than what we have as valid data. Fix from Jeremy. Thanks a lot for watching this so closely! Guenther --- source3/rpc_server/srv_svcctl_nt.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/rpc_server') diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c index 0b0ef83bee..d73f73f9ec 100644 --- a/source3/rpc_server/srv_svcctl_nt.c +++ b/source3/rpc_server/srv_svcctl_nt.c @@ -464,9 +464,8 @@ WERROR _svcctl_EnumServicesStatusW(pipes_struct *p, if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return ntstatus_to_werror(ndr_map_error2ntstatus(ndr_err)); } - blob = ndr_push_blob(ndr); - memcpy(r->out.service, blob.data, r->in.offered); + memcpy(r->out.service, blob.data, MIN(blob.length, r->in.offered)); } *r->out.needed = (buffer_size > r->in.offered) ? buffer_size : r->in.offered; -- cgit