From 798af9e0c86976245c36ea1f0c7171e9ab663da7 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 7 May 2007 19:27:46 +0000
Subject: r22754: When processing a string, ensure we don't write one past the
 terminating NULL if we've already processed the null in iconv. Jerry, once I
 get confirmation from Thomas Bork this needs to be in 3.0.25 final. Tests
 fine with valgrind here. Jeremy. (This used to be commit
 14b167ef6e0f2100bd9cdd05c4457e57e952fa5e)

---
 source3/lib/charcnv.c | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

(limited to 'source3')

diff --git a/source3/lib/charcnv.c b/source3/lib/charcnv.c
index 3d02988a97..8d5fbc8118 100644
--- a/source3/lib/charcnv.c
+++ b/source3/lib/charcnv.c
@@ -972,13 +972,18 @@ size_t pull_ascii(char *dest, const void *src, size_t dest_len, size_t src_len,
 
 	ret = convert_string(CH_DOS, CH_UNIX, src, src_len, dest, dest_len, True);
 	if (ret == (size_t)-1) {
+		ret = 0;
 		dest_len = 0;
 	}
 
-	if (dest_len)
-		dest[MIN(ret, dest_len-1)] = 0;
-	else 
+	if (dest_len && ret) {
+		/* Did we already process the terminating zero ? */
+		if (dest[MIN(ret-1, dest_len-1)] != 0) {
+			dest[MIN(ret, dest_len-1)] = 0;
+		}
+	} else  {
 		dest[0] = 0;
+	}
 
 	return src_len;
 }
@@ -1219,10 +1224,14 @@ size_t pull_ucs2(const void *base_ptr, char *dest, const void *src, size_t dest_
 	if (src_len == (size_t)-1)
 		src_len = ret*2;
 		
-	if (dest_len)
-		dest[MIN(ret, dest_len-1)] = 0;
-	else 
+	if (dest_len && ret) {
+		/* Did we already process the terminating zero ? */
+		if (dest[MIN(ret-1, dest_len-1)] != 0) {
+			dest[MIN(ret, dest_len-1)] = 0;
+		}
+	} else {
 		dest[0] = 0;
+	}
 
 	return src_len;
 }
-- 
cgit