Fixed bug where mallocd size of prs_struct could be larger than

author Jeremy Allison <jra@samba.org>

Wed, 17 May 2000 03:12:56 +0000 (03:12 +0000)

committer Jeremy Allison <jra@samba.org>

Wed, 17 May 2000 03:12:56 +0000 (03:12 +0000)
author Jeremy Allison <jra@samba.org>
Wed, 17 May 2000 03:12:56 +0000 (03:12 +0000)
committer Jeremy Allison <jra@samba.org>
Wed, 17 May 2000 03:12:56 +0000 (03:12 +0000)
diff --git a/source/rpc_parse/parse_prs.c b/source/rpc_parse/parse_prs.c

index fff1bc27b192ffcb0e5e7031425a8e16da09a6bb..4260b1c8d5a42269a388999b3f2fb1f2a3a844a4 100644 (file)
--- a/source/rpc_parse/parse_prs.c
+++ b/source/rpc_parse/parse_prs.c
@@ -209,6 +209,8 @@ BOOL prs_grow(prs_struct *ps, uint32 extra_space)
                                 (unsigned int)new_size));
                         return False;
                 }
+
+               memset(&new_data[ps->buffer_size], '\0', new_size - ps->buffer_size);
         }
         ps->buffer_size = new_size;
         ps->data_p = new_data;
@@ -239,6 +241,8 @@ BOOL prs_force_grow(prs_struct *ps, uint32 extra_space)
                 return False;
         }
  
+       memset(&new_data[ps->buffer_size], '\0', new_size - ps->buffer_size);
+
         ps->buffer_size = new_size;
         ps->data_p = new_data;
  
@@ -296,7 +300,7 @@ BOOL prs_set_offset(prs_struct *ps, uint32 offset)
  
  BOOL prs_append_prs_data(prs_struct *dst, prs_struct *src)
  {
-       if(!prs_grow(dst, prs_offset(src)))
+       if(!prs_force_grow(dst, prs_offset(src)))
                 return False;
  
         memcpy(&dst->data_p[dst->data_offset], prs_data_p(src), (size_t)prs_offset(src));
@@ -311,7 +315,7 @@ BOOL prs_append_prs_data(prs_struct *dst, prs_struct *src)
  
  BOOL prs_append_some_prs_data(prs_struct *dst, prs_struct *src, int32 start, uint32 len)
  {      
-       if(!prs_grow(dst, len))
+       if(!prs_force_grow(dst, len))
                 return False;
         
         memcpy(&dst->data_p[dst->data_offset], prs_data_p(src)+start, (size_t)len);
@@ -326,7 +330,7 @@ BOOL prs_append_some_prs_data(prs_struct *dst, prs_struct *src, int32 start, uin
  
  BOOL prs_append_data(prs_struct *dst, char *src, uint32 len)
  {
-       if(!prs_grow(dst, len))
+       if(!prs_force_grow(dst, len))
                 return False;
  
         memcpy(&dst->data_p[dst->data_offset], src, (size_t)len);
diff --git a/source/rpc_server/srv_pipe.c b/source/rpc_server/srv_pipe.c

index 9ba62ea656a604f61f43abada99bf287d7db45e2..06743d8d163a1f7869c872842a1ab2157fe5f9db 100644 (file)
--- a/source/rpc_server/srv_pipe.c
+++ b/source/rpc_server/srv_pipe.c
@@ -110,7 +110,7 @@ BOOL create_next_pdu(pipes_struct *p)
                 p->hdr.flags = 0;
  
         /*
-        * Work out how much we can fit in a sigle PDU.
+        * Work out how much we can fit in a single PDU.
          */
  
         data_space_available = sizeof(p->out_data.current_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN;
author	Jeremy Allison <jra@samba.org>
	Wed, 17 May 2000 03:12:56 +0000 (03:12 +0000)
committer	Jeremy Allison <jra@samba.org>
	Wed, 17 May 2000 03:12:56 +0000 (03:12 +0000)
source/rpc_parse/parse_prs.c		patch \| blob \| history
source/rpc_server/srv_pipe.c		patch \| blob \| history