s3: smbd: vfs_dirsort module.

Fix an off-by-one check that would cause seekdir to
seek off the end of the cached array.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlberg.gmail.com>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep  3 19:59:54 CEST 2014 on sn-devel-104

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10794
vfs_dirsort has an off-by-one error that can cause uninitialized memory read

Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-1-test): Mon Sep  8 10:00:32 CEST 2014 on sn-devel-104

diff --git a/source3/modules/vfs_dirsort.c b/source3/modules/vfs_dirsort.c
index 98109c280bfa8c1bc8118d7559efae7541a85734..d6b33941fad67a13d7a4719e735f6ff98d2368aa 100644 (file)
--- a/source3/modules/vfs_dirsort.c
+++ b/source3/modules/vfs_dirsort.c
@@ -256,7 +256,7 @@ static void dirsort_seekdir(vfs_handle_struct *handle, DIR *dirp,
        if (data == NULL) {
                return;
        }
-       if (offset > data->number_of_entries) {
+       if (offset >= data->number_of_entries) {
                return;
        }
        data->pos = offset;