FSCTL_GET_SHADOW_COPY_DATA: Don't return 4 extra bytes at end
author Christof Schmitt <christof.schmitt@us.ibm.com>
Mon, 5 Aug 2013 18:21:59 +0000 (11:21 -0700)
committer Karolin Seeger <kseeger@samba.org>
Mon, 19 May 2014 12:29:18 +0000 (14:29 +0200)
labels_data_count already accounts for the unicode null character at the
end of the array. There is no need in adding space for it again.

Signed-off-by: Christof Schmitt <christof.schmitt@us.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug  6 04:03:17 CEST 2013 on sn-devel-104

(cherry picked from commit eb50fb8f3bf670bd7d1cf8fd4368ef4a73083696)

The last 2 patches address bug #10549 - CVE-2014-0178: Malformed
FSCTL_SRV_ENUMERATE_SNAPSHOTS response.

Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Mon May 19 14:29:18 CEST 2014 on sn-devel-104

source3/modules/vfs_default.c

index 99380ab46b165769d45266fa5f47eb935d6d3afb..67050fa8aceda2c1b2331aa24f57f7c5c288e174 100644 (file)
@@ -1125,7 +1125,7 @@ static NTSTATUS vfswrap_fsctl(struct vfs_handle_struct *handle,
                if (!labels) {
                        *out_len = 16;
                } else {
-                       *out_len = 12 + labels_data_count + 4;
+                       *out_len = 12 + labels_data_count;
                }
 
                if (max_out_len < *out_len) {
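Review bot: In the else branch, `*out_len = 12 + labels_data_count;` depends on labels_data_count already covering the terminating unicode null, but that invariant is stated only in the commit message, not in the code. A one-line comment at this assignment would keep a later reader from re-adding the 4 bytes. The `!labels` branch next to it still uses the bare constant 16, so it is worth saying there why that path is 12 + 4 while this one no longer adds anything, or replacing 12 and 16 with named constants.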
@@ -1152,7 +1152,7 @@ static NTSTATUS vfswrap_fsctl(struct vfs_handle_struct *handle,
                }
 
                /* needed_data_count 4 bytes */
-               SIVAL(cur_pdata, 8, labels_data_count + 4);
+               SIVAL(cur_pdata, 8, labels_data_count);
 
                cur_pdata += 12;
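Review bot: The length field written by `SIVAL(cur_pdata, 8, labels_data_count);` should match the `*out_len - 12` implied by the earlier assignment, yet the two expressions are spelled out separately and both had to be corrected in this patch. Consider computing the label byte count once into a local and using it for both the buffer size check and this field, so the advertised length and the bytes actually returned cannot drift apart. The `needed_data_count 4 bytes` comment could also say that the count includes the terminating null.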