s3: Fix an uninitialized variable read
author Volker Lendecke <vl@samba.org>
Sun, 14 Mar 2010 20:18:34 +0000 (21:18 +0100)
committer Karolin Seeger <kseeger@samba.org>
Tue, 16 Mar 2010 07:59:48 +0000 (08:59 +0100)
Found by Laurent Gaffie <laurent.gaffie@gmail.com>

Thanks for that,

Volker

Fix bug #7254 (An uninitialized variable read could cause an smbd crash).

source3/smbd/sesssetup.c

index 1529166..68cb8d3 100644 (file)
@@ -1213,7 +1213,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
        file_save("negotiate.dat", blob1.data, blob1.length);
 #endif
 
-       p2 = (char *)req->buf + data_blob_len;
+       p2 = (char *)req->buf + blob1.length;
 
        p2 += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p2,
                                     STR_TERMINATE);
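
Review bot: at the `p2 = (char *)req->buf + blob1.length;` line, nothing in the visible context shows blob1.length being checked against the size of req->buf before the pointer is advanced and passed to srvstr_pull_req_talloc(). If that bound is not already enforced where blob1 is constructed, add a check here and fail the request when it does not hold. Since the commit subject says data_blob_len could be read uninitialized at this point, it is also worth initializing it at its declaration, or removing it if this was its only use, so that a later reference cannot reintroduce the same crash.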