equal
deleted
inserted
replaced
1 Samba 3.6.23 patch for: |
|
2 FSCTL_GET_SHADOW_COPY_DATA: Initialize output array to, zero |
|
3 ...derived from Christof Schmitt <[email protected]>'s patch for Samba 4.0 |
|
4 http://www.samba.org/samba/ftp/patches/security/samba-4.0.17-CVE-2014-0178-CVE-2014-0239.patch |
|
5 |
|
6 --- a/source3/smbd/nttrans.c 2014-03-11 03:17:34.000000000 -0700 |
|
7 +++ samba-3.6.23/source3/smbd/nttrans.c 2014-06-18 06:17:02.771463164 -0700 |
|
8 @@ -2303,7 +2303,7 @@ |
|
9 if (!labels) { |
|
10 *out_len = 16; |
|
11 } else { |
|
12 - *out_len = 12 + labels_data_count + 4; |
|
13 + *out_len = 12 + labels_data_count; |
|
14 } |
|
15 |
|
16 if (max_out_len < *out_len) { |
|
17 @@ -2313,7 +2313,7 @@ |
|
18 return NT_STATUS_BUFFER_TOO_SMALL; |
|
19 } |
|
20 |
|
21 - cur_pdata = talloc_array(ctx, char, *out_len); |
|
22 + cur_pdata = talloc_zero_array(ctx, char, *out_len); |
|
23 if (cur_pdata == NULL) { |
|
24 TALLOC_FREE(shadow_data); |
|
25 return NT_STATUS_NO_MEMORY; |
|
26 @@ -2330,7 +2330,7 @@ |
|
27 } |
|
28 |
|
29 /* needed_data_count 4 bytes */ |
|
30 - SIVAL(cur_pdata, 8, labels_data_count + 4); |
|
31 + SIVAL(cur_pdata, 8, labels_data_count); |
|
32 |
|
33 cur_pdata += 12; |
|
34 |
|