From 265338c194ceab2520ed1df0f64b62e7169406dd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 3 May 2011 13:49:28 -0700 Subject: BUGFIX when converting from safe_strcpy to strlcpy. We must have a blob legth > 0 in order to safely copy the (possibly) 16 bytes + 1 byte zero character safely. --- source3/smbd/negprot.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'source3/smbd/negprot.c') diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index 6877ccc861..9f201b8bee 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -234,6 +234,10 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn) SAFE_FREE(host_princ_s); } + if (blob.length == 0 || blob.data == NULL) { + return data_blob_null; + } + blob_out = data_blob_talloc(ctx, NULL, 16 + blob.length); if (blob_out.data == NULL) { data_blob_free(&blob); @@ -245,7 +249,7 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn) checked_strlcpy(unix_name, global_myname(), sizeof(unix_name)); strlower_m(unix_name); push_ascii_nstring(dos_name, unix_name); - safe_strcpy((char *)blob_out.data, dos_name, 16); + strlcpy((char *)blob_out.data, dos_name, 17); #ifdef DEVELOPER /* Fix valgrind 'uninitialized bytes' issue. */ -- cgit