basic_smb_auth: Buffer overrun.

author Amos Jeffries <squid3@treenet.co.nz>

Sun, 18 Nov 2012 11:37:48 +0000 (04:37 -0700)

committer Amos Jeffries <squid3@treenet.co.nz>

Sun, 18 Nov 2012 11:37:48 +0000 (04:37 -0700)
author Amos Jeffries <squid3@treenet.co.nz>
Sun, 18 Nov 2012 11:37:48 +0000 (04:37 -0700)
committer Amos Jeffries <squid3@treenet.co.nz>
Sun, 18 Nov 2012 11:37:48 +0000 (04:37 -0700)
diff --git a/helpers/basic_auth/SMB/basic_smb_auth.cc b/helpers/basic_auth/SMB/basic_smb_auth.cc

index 568f0a6db62f90c26e191d7b9ea7cd7f803056fb..c89dc4ea30d38d8f5a03648b01d08f3dd96e664e 100644 (file)
--- a/helpers/basic_auth/SMB/basic_smb_auth.cc
+++ b/helpers/basic_auth/SMB/basic_smb_auth.cc
@@ -82,7 +82,11 @@ print_esc(FILE * p, char *s)
      int i = 0;
  
      for (t = s; *t != '\0'; ++t) {
-        if (i > HELPER_INPUT_BUFFER-2) {
+        /*
+         * NP: The shell escaping permits 'i' to jump up to 2 octets per loop,
+         *     so ensure we have at least 3 free.
+         */
+        if (i > HELPER_INPUT_BUFFER-3) {
              buf[i] = '\0';
              (void) fputs(buf, p);
              i = 0;
author	Amos Jeffries <squid3@treenet.co.nz>
	Sun, 18 Nov 2012 11:37:48 +0000 (04:37 -0700)
committer	Amos Jeffries <squid3@treenet.co.nz>
	Sun, 18 Nov 2012 11:37:48 +0000 (04:37 -0700)