CVE-2015-5330: strupper_talloc_n_handle(): properly count characters

[samba.git] / lib / util / charset / util_unistr.c

diff --git a/lib/util/charset/util_unistr.c b/lib/util/charset/util_unistr.c
index e4ae65053c733245ad3d0ae792cc0c7679aa04ff..2cc87186daecbb3c421f1cef37b43d2a66e41cca 100644 (file)
--- a/lib/util/charset/util_unistr.c
+++ b/lib/util/charset/util_unistr.c
@@ -110,10 +110,12 @@ _PUBLIC_ char *strupper_talloc_n_handle(struct smb_iconv_handle *iconv_handle,
                return NULL;
        }
 
-       while (n-- && *src) {
+       while (n && *src) {
                size_t c_size;
-               codepoint_t c = next_codepoint_handle(iconv_handle, src, &c_size);
+               codepoint_t c = next_codepoint_handle_ext(iconv_handle, src, n,
+                                                         CH_UNIX, &c_size);
                src += c_size;
+               n -= c_size;
 
                c = toupper_m(c);