sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00
Code

- fixed memcpy bug in copy_unistr2()

Browse Source 
- init_unistr2_from_unistr() does not NULL terminate
  the buffer



--jerry
(This used to be commit 65ee5f9b6e)
This commit is contained in:
Gerald Carter 2000-08-16 03:41:02 +00:00
parent 2ba82c02d4
commit 4620c70549
1 changed files with 21 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
source3/rpc_parse/parse_misc.c
View File

@ -753,13 +753,20 @@ void init_buf_unistr2(UNISTR2 *str, uint32 *ptr, const char *buf)
void copy_unistr2(UNISTR2 *str, UNISTR2 *from) void copy_unistr2(UNISTR2 *str, UNISTR2 *from)
{ {
/* set up string lengths. add one if string is not null-terminated */ /* set up string lengths. add one if string is not null-terminated */
str->uni_max_len = from->uni_max_len; str->uni_max_len = from->uni_max_len;
str->undoc = from->undoc; str->undoc = from->undoc;
str->uni_str_len = from->uni_str_len; str->uni_str_len = from->uni_str_len;
if (from->buffer == NULL)
return;
/* the string buffer is allocated to the maximum size
(the the length of the source string) to prevent
reallocation of memory. */
if (str->buffer == NULL) { if (str->buffer == NULL) {
size_t len = from->uni_max_len * 2; size_t len = from->uni_max_len * sizeof(uint16);
if (!parse_misc_talloc) if (!parse_misc_talloc)
parse_misc_talloc = talloc_init(); parse_misc_talloc = talloc_init();
@ -769,12 +776,15 @@ void copy_unistr2(UNISTR2 *str, UNISTR2 *from)
len *= sizeof(uint16); len *= sizeof(uint16);
str->buffer = (uint16 *)talloc(parse_misc_talloc, len); str->buffer = (uint16 *)talloc(parse_misc_talloc, len);
if (str->buffer == NULL) if ((str->buffer == NULL) && (len > 0 ))
{
smb_panic("copy_unistr2: malloc fail\n"); smb_panic("copy_unistr2: malloc fail\n");
return;
}
} }
/* copy the string */ /* copy the string */
memcpy(str->buffer, from->buffer, sizeof(from->buffer)); memcpy(str->buffer, from->buffer, from->uni_max_len*sizeof(uint16));
} }
/******************************************************************* /*******************************************************************
@ -868,8 +878,11 @@ void init_unistr2(UNISTR2 *str, const char *buf, size_t len)
len *= sizeof(uint16); len *= sizeof(uint16);
str->buffer = (uint16 *)talloc(parse_misc_talloc, len); str->buffer = (uint16 *)talloc(parse_misc_talloc, len);
if (str->buffer == NULL) if ((str->buffer == NULL) && (len > 0))
{
smb_panic("init_unistr2: malloc fail\n"); smb_panic("init_unistr2: malloc fail\n");
return;
}
/* store the string (null-terminated 8 bit chars into 16 bit chars) */ /* store the string (null-terminated 8 bit chars into 16 bit chars) */
dos_struni2((char *)str->buffer, buf, len); dos_struni2((char *)str->buffer, buf, len);
@ -896,12 +909,13 @@ void init_unistr2_from_unistr (UNISTR2 *to, UNISTR *from)
i = 0; i = 0;
while ((from->buffer)[i]!='\0') while ((from->buffer)[i]!='\0')
i++; i++;
i++; /* one more to catch the terminating NULL */
/* set up string lengths; uni_max_len is set to i+1 /* set up string lengths; uni_max_len is set to i+1
because we need to account for the final NULL termination */ because we need to account for the final NULL termination */
to->uni_max_len = i+1; to->uni_max_len = i;
to->undoc = 0; to->undoc = 0;
to->uni_str_len = i+1; to->uni_str_len = i;
if (!parse_misc_talloc) if (!parse_misc_talloc)
parse_misc_talloc = talloc_init(); parse_misc_talloc = talloc_init();