git.samba.org / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9e8475e)
fix 'Invalid read of size 1' in reply_search
authorNoel Power <noel.power@suse.com>
Wed, 28 Oct 2015 17:08:28 +0000 (17:08 +0000)
committerKarolin Seeger <kseeger@samba.org>
Fri, 20 Nov 2015 10:53:15 +0000 (11:53 +0100)
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 0f2f8a4f772ff22d00a9e87dafa97a431af8f6da)

source3/smbd/reply.c patch | blob | history

diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 05ebe21d88f2c69b20c917fced3d2980fb516b83..0f96b0daf75144a7dafb3fce9e91b598067a2f59 100644 (file)
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -1587,7 +1587,7 @@ void reply_search(struct smb_request *req)
 {
        connection_struct *conn = req->conn;
        char *path = NULL;
-       const char *mask = NULL;
+       char *mask = NULL;
        char *directory = NULL;
        struct smb_filename *smb_fname = NULL;
        char *fname = NULL;
@@ -1668,11 +1668,11 @@ void reply_search(struct smb_request *req)
 
                p = strrchr_m(directory,'/');
                if ((p != NULL) && (*directory != '/')) {
-                       mask = p + 1;
+                       mask = talloc_strdup(ctx, p + 1);
                        directory = talloc_strndup(ctx, directory,
                                                   PTR_DIFF(p, directory));
                } else {
-                       mask = directory;
+                       mask = talloc_strdup(ctx, directory);
                        directory = talloc_strdup(ctx,".");
                }
 
@@ -1721,7 +1721,7 @@ void reply_search(struct smb_request *req)
                        goto out;
                }
 
-               mask = dptr_wcard(sconn, dptr_num);
+               mask = talloc_strdup(ctx, dptr_wcard(sconn, dptr_num));
                if (!mask) {
                        goto SearchEmpty;
                }
@@ -1860,6 +1860,7 @@ void reply_search(struct smb_request *req)
                maxentries ));
  out:
        TALLOC_FREE(directory);
+       TALLOC_FREE(mask);
        TALLOC_FREE(smb_fname);
        END_PROFILE(SMBsearch);
        return;
Samba Shared Repository