The branch, v3-4-test has been updated via 832fed7... Missed one check on the memcpy for bug #7063. via 974bc68... Second part of fix for bug 7063 - Samba 3.4.5 on ubuntu 8.04 64 bit - Core dumps. from 9e64c33... Fix bug 7104 - "wide links" and "unix extensions" are incompatible.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log ----------------------------------------------------------------- commit 832fed700589ba0a49381fac71ff99edb5e8f167 Author: Jeremy Allison <j...@samba.org> Date: Tue Feb 9 14:56:12 2010 -0800 Missed one check on the memcpy for bug #7063. Jeremy. commit 974bc68d7884ab77210a237e4ca8020ee88ae059 Author: Jeremy Allison <j...@samba.org> Date: Tue Feb 9 14:48:15 2010 -0800 Second part of fix for bug 7063 - Samba 3.4.5 on ubuntu 8.04 64 bit - Core dumps. Ensure we have no naked memcpy calls. This isn't a crash bug (it's already checked in the data_blob_talloc_zero() above, but I want to get into the pattern of having all memcpy's covered by safety checks. Jeremy. ----------------------------------------------------------------------- Summary of changes: source3/rpc_server/srv_spoolss_nt.c | 5 ++++- 1 files changed, 4 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index c490a38..3870da9 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -9955,7 +9955,10 @@ WERROR _spoolss_XcvData(pipes_struct *p, *r->out.status_code = 0; - memcpy(r->out.out_data, out_data.data, out_data.length); + if (r->out.out_data && out_data.data && r->in.out_data_size && out_data.length) { + memcpy(r->out.out_data, out_data.data, + MIN(r->in.out_data_size, out_data.length)); + } return WERR_OK; } -- Samba Shared Repository