From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Fri, 10 May 2019 03:35:32 +0000 (+1200)
Subject: util/charset/convert_string: always set length
X-Git-Tag: tdb-1.4.1~42
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=09355b7855650cc52781796ad0a5fd28504ea3d0;p=thirdparty%2Fsamba.git

util/charset/convert_string: always set length

In failure cases the destination string pointer is set to NULL, but
the size is not changed. Some callers have not been checking the
return value and passing the destination pointer and uninitialised
length onto other functions. We can curse and blame those callers, but
let's also keep them safe.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/lib/util/charset/convert_string.c b/lib/util/charset/convert_string.c
index 196302aacfd..41970652154 100644
--- a/lib/util/charset/convert_string.c
+++ b/lib/util/charset/convert_string.c
@@ -357,6 +357,9 @@ bool convert_string_talloc_handle(TALLOC_CTX *ctx, struct smb_iconv_handle *ic,
 	void **dest = (void **)dst;
 
 	*dest = NULL;
+	if (converted_size != NULL) {
+		*converted_size = 0;
+	}
 
 	if (src == NULL || srclen == (size_t)-1) {
 		errno = EINVAL;