s4:ntvfs: Fix string copy of share_name
authorAndreas Schneider <asn@samba.org>
Tue, 15 May 2018 15:55:22 +0000 (17:55 +0200)
committerKarolin Seeger <kseeger@samba.org>
Wed, 20 Jun 2018 07:22:24 +0000 (09:22 +0200)
../source4/ntvfs/ipc/rap_server.c:70:3: error: ‘strncpy’ specified bound 13 equals destination size [-Werror=stringop-truncation]
   strncpy((char *)r->out.info[j].info1.share_name,
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    snames[i],
    ~~~~~~~~~~
    sizeof(r->out.info[0].info1.share_name));
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 609ef35c12900bbd5ecaa557f7b5d71b5784a103)

source4/ntvfs/ipc/rap_server.c

index 3a133f568da6f1cc3acc88c9deae30fdb4a5c120..fc2d3aa611d288d6124f345d19b09111932bfc90 100644 (file)
@@ -63,13 +63,18 @@ NTSTATUS rap_netshareenum(TALLOC_CTX *mem_ctx,
                                   union rap_share_info, r->out.available);
 
        for (i = 0, j = 0; i < r->out.available; i++) {
+               size_t sname_len;
+
                if (!NT_STATUS_IS_OK(share_get_config(mem_ctx, sctx, snames[i], &scfg))) {
                        DEBUG(3, ("WARNING: Service [%s] disappeared after enumeration!\n", snames[i]));
                        continue;
                }
-               strncpy((char *)r->out.info[j].info1.share_name,
+               /* Make sure we have NUL-termination */
+               sname_len = MIN(strlen(snames[i]),
+                               sizeof(r->out.info[j].info1.share_name));
+               strlcpy((char *)r->out.info[j].info1.share_name,
                        snames[i],
-                       sizeof(r->out.info[0].info1.share_name));
+                       sname_len);
                r->out.info[i].info1.reserved1 = 0;
                r->out.info[i].info1.share_type = dcesrv_common_get_share_type(mem_ctx, NULL, scfg);
                r->out.info[i].info1.comment = share_string_option(mem_ctx, scfg, SHARE_COMMENT, "");