there are places in the samba3 code that don't check properly for
author Andrew Tridgell <tridge@samba.org>
Mon, 2 Feb 2004 12:09:35 +0000 (12:09 +0000)
committer Andrew Tridgell <tridge@samba.org>
Mon, 2 Feb 2004 12:09:35 +0000 (12:09 +0000)
packet-termination of strings. This change ensures that when we go
past the end of a packet we hit 2 null bytes, thus terminating. We are
relying on the SAFETY_MARGIN packet allocation stuff here.
(This used to be commit 655ec168288159f5c0961ed8cbdd84c4e14eab26)

source3/lib/util_sock.c

index 328ca92727731f34f8deb5749d13c04940cc6f0e..5eb9c18b60433d4c0d7942402c79e1a4309fbda7 100644 (file)
@@ -552,6 +552,10 @@ BOOL receive_smb_raw(int fd,char *buffer, unsigned int timeout)
                                smb_read_error = READ_ERROR;
                        return False;
                }
                                smb_read_error = READ_ERROR;
                        return False;
                }
+               
+               /* not all of samba3 properly checks for packet-termination of strings. This
+                  ensures that we don't run off into empty space. */
+               SSVAL(buffer+4,len, 0);
        }
 
        return True;
        }
 
        return True;
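
Review bot: the added `SSVAL(buffer+4,len, 0);` stores two bytes at buffer+4+len, past the data that was just read, and nothing in this hunk checks that the buffer has room for them. receive_smb_raw takes only `char *buffer` with no size argument, so the store is in bounds only if every caller allocates the SAFETY_MARGIN slack that the commit message says this relies on. The code comment does not mention that dependency; suggest naming SAFETY_MARGIN there, and either bounding len against the maximum packet size before the store or documenting the required allocation size at the function. Minor style point: the added blank line carries trailing whitespace.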