# HG changeset patch
# User Jiri Sasek <Jiri.Sasek@Oracle.COM>
# Date 1406116469 25200
# Node ID b47782ba45406a4e38cc8f72430eb0d682662235
# Parent  3a68667fe366beac85ef3f50301fc112b7d92c3f
18875952 problem in UTILITY/SAMBA

diff -r 3a68667fe366 -r b47782ba4540 components/samba/samba/patches/FSCTL_GET_SHADOW_COPY_DATA.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/samba/samba/patches/FSCTL_GET_SHADOW_COPY_DATA.patch	Wed Jul 23 04:54:29 2014 -0700
@@ -0,0 +1,34 @@
+Samba 3.6.23 patch for:
+FSCTL_GET_SHADOW_COPY_DATA: Initialize output array to, zero
+...derived from Christof Schmitt <christof.schmitt@us.ibm.com>'s patch for Samba 4.0
+http://www.samba.org/samba/ftp/patches/security/samba-4.0.17-CVE-2014-0178-CVE-2014-0239.patch
+
+--- a/source3/smbd/nttrans.c	2014-03-11 03:17:34.000000000 -0700
++++ samba-3.6.23/source3/smbd/nttrans.c	2014-06-18 06:17:02.771463164 -0700
+@@ -2303,7 +2303,7 @@
+ 		if (!labels) {
+ 			*out_len = 16;
+ 		} else {
+-			*out_len = 12 + labels_data_count + 4;
++			*out_len = 12 + labels_data_count;
+ 		}
+ 
+ 		if (max_out_len < *out_len) {
+@@ -2313,7 +2313,7 @@
+ 			return NT_STATUS_BUFFER_TOO_SMALL;
+ 		}
+ 
+-		cur_pdata = talloc_array(ctx, char, *out_len);
++		cur_pdata = talloc_zero_array(ctx, char, *out_len);
+ 		if (cur_pdata == NULL) {
+ 			TALLOC_FREE(shadow_data);
+ 			return NT_STATUS_NO_MEMORY;
+@@ -2330,7 +2330,7 @@
+ 		}
+ 
+ 		/* needed_data_count 4 bytes */
+-		SIVAL(cur_pdata, 8, labels_data_count + 4);
++		SIVAL(cur_pdata, 8, labels_data_count);
+ 
+ 		cur_pdata += 12;
+