From: Gary Lockyer <gary@catalyst.net.nz>
Date: Wed, 5 Jun 2019 20:40:42 +0000 (+1200)
Subject: libcli smb smb1cli_trans: fix ubsan warning
X-Git-Tag: talloc-2.3.1~342
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=aed4d0637675629a33585a0198c8cbbb64371638;p=thirdparty%2Fsamba.git

libcli smb smb1cli_trans: fix ubsan warning

Fix ubsan warning null pointer passed as argument 2 when the source
pointer is NULL.  The calls to memcpy are now guarded by an
if (len > 0)

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Oct 16 18:00:31 UTC 2019 on sn-devel-184
---

diff --git a/libcli/smb/smb1cli_trans.c b/libcli/smb/smb1cli_trans.c
index c305463846d..99021ce2b47 100644
--- a/libcli/smb/smb1cli_trans.c
+++ b/libcli/smb/smb1cli_trans.c
@@ -351,8 +351,10 @@ static void smb1cli_trans_format(struct smb1cli_trans_state *state,
 		SSVAL(vwv +12, 0, data_offset);
 		SCVAL(vwv +13, 0, state->num_setup);
 		SCVAL(vwv +13, 1, 0);	/* reserved */
-		memcpy(vwv + 14, state->setup,
-		       sizeof(uint16_t) * state->num_setup);
+		if (state->num_setup > 0) {
+			memcpy(vwv + 14, state->setup,
+			       sizeof(uint16_t) * state->num_setup);
+		}
 		break;
 	case SMBtranss:
 	case SMBtranss2: