The branch, v3-4-test has been updated
via 832fed7... Missed one check on the memcpy for bug #7063.
via 974bc68... Second part of fix for bug 7063 - Samba 3.4.5 on ubuntu
8.04 64 bit - Core dumps.
from 9e64c33... Fix bug 7104 - "wide links" and "unix extensions" are
incompatible.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test
- Log -----------------------------------------------------------------
commit 832fed700589ba0a49381fac71ff99edb5e8f167
Author: Jeremy Allison <j...@samba.org>
Date: Tue Feb 9 14:56:12 2010 -0800
Missed one check on the memcpy for bug #7063.
Jeremy.
commit 974bc68d7884ab77210a237e4ca8020ee88ae059
Author: Jeremy Allison <j...@samba.org>
Date: Tue Feb 9 14:48:15 2010 -0800
Second part of fix for bug 7063 - Samba 3.4.5 on ubuntu 8.04 64 bit - Core
dumps.
Ensure we have no naked memcpy calls. This isn't a crash bug (it's
already checked in the data_blob_talloc_zero() above, but I want to
get into the pattern of having all memcpy's covered by safety checks.
Jeremy.
-----------------------------------------------------------------------
Summary of changes:
source3/rpc_server/srv_spoolss_nt.c | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_server/srv_spoolss_nt.c
b/source3/rpc_server/srv_spoolss_nt.c
index c490a38..3870da9 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -9955,7 +9955,10 @@ WERROR _spoolss_XcvData(pipes_struct *p,
*r->out.status_code = 0;
- memcpy(r->out.out_data, out_data.data, out_data.length);
+ if (r->out.out_data && out_data.data && r->in.out_data_size &&
out_data.length) {
+ memcpy(r->out.out_data, out_data.data,
+ MIN(r->in.out_data_size, out_data.length));
+ }
return WERR_OK;
}
--
Samba Shared Repository
