summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNoel Power <noel.power@suse.com>2015-10-28 17:08:28 +0000
committerKarolin Seeger <kseeger@samba.org>2015-11-20 09:11:19 +0100
commite7e55390b8b5ab266b71eb74c8cef6a193c10f8f (patch)
tree50fa6a5d88c8ee7ba808239d94619eb1a7fda02f
parent6860eb791f8963c150b7b3342c3458ae222a9a19 (diff)
downloadsamba-e7e55390b8b5ab266b71eb74c8cef6a193c10f8f.tar.gz
fix 'Invalid read of size 1' in reply_search
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit 0f2f8a4f772ff22d00a9e87dafa97a431af8f6da)
Diffstat
-rw-r--r--source3/smbd/reply.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 20c793f275f..b6f999239e7 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -1607,7 +1607,7 @@ void reply_search(struct smb_request *req)
{
connection_struct *conn = req->conn;
char *path = NULL;
- const char *mask = NULL;
+ char *mask = NULL;
char *directory = NULL;
struct smb_filename *smb_fname = NULL;
char *fname = NULL;
@@ -1688,11 +1688,11 @@ void reply_search(struct smb_request *req)
p = strrchr_m(directory,'/');
if ((p != NULL) && (*directory != '/')) {
- mask = p + 1;
+ mask = talloc_strdup(ctx, p + 1);
directory = talloc_strndup(ctx, directory,
PTR_DIFF(p, directory));
} else {
- mask = directory;
+ mask = talloc_strdup(ctx, directory);
directory = talloc_strdup(ctx,".");
}
@@ -1741,7 +1741,7 @@ void reply_search(struct smb_request *req)
goto out;
}
- mask = dptr_wcard(sconn, dptr_num);
+ mask = talloc_strdup(ctx, dptr_wcard(sconn, dptr_num));
if (!mask) {
goto SearchEmpty;
}
@@ -1880,6 +1880,7 @@ void reply_search(struct smb_request *req)
maxentries ));
out:
TALLOC_FREE(directory);
+ TALLOC_FREE(mask);
TALLOC_FREE(smb_fname);
END_PROFILE(SMBsearch);
return;
View Lorry Controller Status