From 1e59a8a24f64065b80df73c6770ea573eac05000 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Tue, 16 Aug 2005 13:22:01 +0000
Subject: r9321: Fix potential bug found by Coverity. src_len has to be int but later we do pass it as size_t. In case src_len is negative, we need to register a failure and return to the caller (This used to be commit 95d96c79a538814bb524d7905e1e8f64df6341ca)
---
 source4/smb_server/request.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
(limited to 'source4/smb_server/request.c')
diff --git a/source4/smb_server/request.c b/source4/smb_server/request.c
index c31fee6d19..93d9a160f3 100644
--- a/source4/smb_server/request.c
+++ b/source4/smb_server/request.c
@@ -491,16 +491,16 @@ static size_t req_pull_ucs2(struct smbsrv_request *req, const char **dest, const
 src_len = byte_len;
 } else {
 src_len = req->in.data_size - PTR_DIFF(src, req->in.data);
- if (src_len < 0) {
- *dest = NULL;
- return 0;
- }
-
 if (byte_len != -1 && src_len > byte_len) {
 src_len = byte_len;
 }
 }
 
+ if (src_len < 0) {
+ *dest = NULL;
+ return 0;
+ }
+
 src_len2 = utf16_len_n(src, src_len);
 if (src_len2 == 0) {
 *dest = talloc_strdup(req, "");
-- cgit
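Review bot: A `byte_len` of -1 that reaches the `src_len = byte_len;` branch is now rejected by the relocated `if (src_len < 0)` guard, even though the else branch treats -1 as a "no limit" sentinel (`byte_len != -1 && src_len > byte_len`). Whether any caller combines that branch with -1 is not visible in this hunk, but if one does it now gets `*dest = NULL` where it previously got a string, so the callers are worth auditing. The failure return of 0 also looks the same as an empty string consumed without alignment, so callers have to test `*dest` rather than the return value. I would put a comment above the guard so it is not moved back inside the else later, for example `/* src_len is passed to utf16_len_n() as size_t: reject any negative value, including byte_len == -1 from the unchecked branch */`. The body of req_pull_ucs2 starts and ends outside the hunk, so the branch condition and the final returns are not shown.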