Author: vlendec Date: 2006-11-13 10:50:55 +0000 (Mon, 13 Nov 2006) New Revision: 19689
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19689 Log: Fix a NULL dereference found by coverity (the call to strlen). Jerry, please check this. The way I understood alpha_strcpy the last arg needs to be the size of the target, not of the source. Thanks, Volker Modified: branches/SAMBA_3_0/source/rpc_server/srv_winreg_nt.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_server/srv_winreg_nt.c =================================================================== --- branches/SAMBA_3_0/source/rpc_server/srv_winreg_nt.c 2006-11-13 10:43:12 UTC (rev 19688) +++ branches/SAMBA_3_0/source/rpc_server/srv_winreg_nt.c 2006-11-13 10:50:55 UTC (rev 19689) @@ -689,12 +689,14 @@ /* pull the message string and perform necessary sanity checks on it */ + chkmsg[0] = '\0'; + if ( message && message->name && message->name->name ) { if ( (msg = talloc_strdup(p->mem_ctx, message->name->name )) == NULL ) { return WERR_NOMEM; } + alpha_strcpy (chkmsg, msg, NULL, sizeof(chkmsg)); } - alpha_strcpy (chkmsg, msg?msg:"", NULL, strlen(msg)); fstr_sprintf(str_timeout, "%d", timeout); fstr_sprintf(r, reboot ? SHUTDOWN_R_STRING : "");