From 4ab75143c4466ad0ea8443512dd5ade449d72462 Mon Sep 17 00:00:00 2001
From: Tim Potter
Date: Fri, 28 Jul 2000 06:27:32 +0000
Subject: [PATCH] Fixed read overrun in init_string2()
---
 source/rpc_parse/parse_misc.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/source/rpc_parse/parse_misc.c b/source/rpc_parse/parse_misc.c
index 2a642e1cec1..276e66a113d 100644
--- a/source/rpc_parse/parse_misc.c
+++ b/source/rpc_parse/parse_misc.c
@@ -775,6 +775,8 @@ void copy_unistr2(UNISTR2 *str, UNISTR2 *from)
 void init_string2(STRING2 *str, char *buf, int len)
 {
+ int alloc_len = 0;
+
 /* set up string lengths. */
 str->str_max_len = len;
 str->undoc = 0;
@@ -786,8 +788,8 @@ void init_string2(STRING2 *str, char *buf, int len)
 parse_misc_talloc = talloc_init();
 if (len < MAX_STRINGLEN)
- len = MAX_STRINGLEN;
- str->buffer = talloc(parse_misc_talloc, len);
+ alloc_len = MAX_STRINGLEN;
+ str->buffer = talloc(parse_misc_talloc, alloc_len);
 if (str->buffer == NULL)
 smb_panic("init_string2: malloc fail\n");
 memcpy(str->buffer, buf, len);
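Review bot: `alloc_len` is initialised to 0 in the first hunk and the second hunk only raises it to `MAX_STRINGLEN` when `len < MAX_STRINGLEN`, so for `len >= MAX_STRINGLEN` the new `talloc(parse_misc_talloc, alloc_len)` is asked for zero bytes while the unchanged `memcpy(str->buffer, buf, len)` still copies `len` bytes. Depending on how talloc treats a zero size, that path either hits the `smb_panic` or writes past the allocation, so the read overrun is fixed but a heap write overrun takes its place for long strings. Seed the variable with the caller's length, `int alloc_len = len;`, or make the assignment unconditional with `alloc_len = (len < MAX_STRINGLEN) ? MAX_STRINGLEN : len;`. `len` is a signed `int` and no visible line rejects a negative value before it reaches `memcpy`; the guard around this code lies outside the hunk, so confirm it excludes `len < 0`.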