mirror of
https://github.com/samba-team/samba.git
synced 2024-12-27 03:21:53 +03:00
- fixed memcpy bug in copy_unistr2()
- init_unistr2_from_unistr() does not NULL terminate
the buffer
--jerry
(This used to be commit 65ee5f9b6e
)
This commit is contained in:
parent
2ba82c02d4
commit
4620c70549
@ -753,13 +753,20 @@ void init_buf_unistr2(UNISTR2 *str, uint32 *ptr, const char *buf)
|
||||
|
||||
void copy_unistr2(UNISTR2 *str, UNISTR2 *from)
|
||||
{
|
||||
|
||||
/* set up string lengths. add one if string is not null-terminated */
|
||||
str->uni_max_len = from->uni_max_len;
|
||||
str->undoc = from->undoc;
|
||||
str->uni_str_len = from->uni_str_len;
|
||||
|
||||
if (from->buffer == NULL)
|
||||
return;
|
||||
|
||||
/* the string buffer is allocated to the maximum size
|
||||
(the the length of the source string) to prevent
|
||||
reallocation of memory. */
|
||||
if (str->buffer == NULL) {
|
||||
size_t len = from->uni_max_len * 2;
|
||||
size_t len = from->uni_max_len * sizeof(uint16);
|
||||
|
||||
if (!parse_misc_talloc)
|
||||
parse_misc_talloc = talloc_init();
|
||||
@ -769,12 +776,15 @@ void copy_unistr2(UNISTR2 *str, UNISTR2 *from)
|
||||
len *= sizeof(uint16);
|
||||
|
||||
str->buffer = (uint16 *)talloc(parse_misc_talloc, len);
|
||||
if (str->buffer == NULL)
|
||||
if ((str->buffer == NULL) && (len > 0 ))
|
||||
{
|
||||
smb_panic("copy_unistr2: malloc fail\n");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
/* copy the string */
|
||||
memcpy(str->buffer, from->buffer, sizeof(from->buffer));
|
||||
memcpy(str->buffer, from->buffer, from->uni_max_len*sizeof(uint16));
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
@ -868,8 +878,11 @@ void init_unistr2(UNISTR2 *str, const char *buf, size_t len)
|
||||
len *= sizeof(uint16);
|
||||
|
||||
str->buffer = (uint16 *)talloc(parse_misc_talloc, len);
|
||||
if (str->buffer == NULL)
|
||||
if ((str->buffer == NULL) && (len > 0))
|
||||
{
|
||||
smb_panic("init_unistr2: malloc fail\n");
|
||||
return;
|
||||
}
|
||||
|
||||
/* store the string (null-terminated 8 bit chars into 16 bit chars) */
|
||||
dos_struni2((char *)str->buffer, buf, len);
|
||||
@ -896,12 +909,13 @@ void init_unistr2_from_unistr (UNISTR2 *to, UNISTR *from)
|
||||
i = 0;
|
||||
while ((from->buffer)[i]!='\0')
|
||||
i++;
|
||||
i++; /* one more to catch the terminating NULL */
|
||||
|
||||
/* set up string lengths; uni_max_len is set to i+1
|
||||
because we need to account for the final NULL termination */
|
||||
to->uni_max_len = i+1;
|
||||
to->uni_max_len = i;
|
||||
to->undoc = 0;
|
||||
to->uni_str_len = i+1;
|
||||
to->uni_str_len = i;
|
||||
|
||||
if (!parse_misc_talloc)
|
||||
parse_misc_talloc = talloc_init();
|
||||
|
Loading…
Reference in New Issue
Block a user