From: Kai Blin Date: Tue, 16 Dec 2008 21:42:12 +0000 (-0800) Subject: (Fixed) Final part of fix for bug #5953 - smbclient crashes: cli_list_new segmentatio... X-Git-Tag: samba-3.3.0~164 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6e016ecc7a42ff87a1d4edc7a1f58e8e8fc65211;p=thirdparty%2Fsamba.git (Fixed) Final part of fix for bug #5953 - smbclient crashes: cli_list_new segmentation fault (with NAS-BASIC server). (cherry picked from commit 52654119cbf15acf6c4663b171df04e9a2bc26b7) --- diff --git a/source/libsmb/clilist.c b/source/libsmb/clilist.c index cebafc6919a..1431b804b04 100644 --- a/source/libsmb/clilist.c +++ b/source/libsmb/clilist.c @@ -79,16 +79,17 @@ static size_t interpret_long_filename(TALLOC_CTX *ctx, p += 27; p += clistr_align_in(cli, p, 0); - /* We can safely use +1 here (which is required by OS/2) - * instead of +2 as the STR_TERMINATE flag below is + /* We can safely use len here (which is required by OS/2) + * and the NAS-BASIC server instead of +2 or +1 as the + * STR_TERMINATE flag below is * actually used as the length calculation. - * The len+2 is merely an upper bound. + * The len is merely an upper bound. * Due to the explicit 2 byte null termination * in cli_receive_trans/cli_receive_nt_trans * we know this is safe. JRA + kukks */ - if (p + len + 1 > pdata_end) { + if (p + len > pdata_end) { return pdata_end - base; }