diff options
author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2023-02-28 16:55:06 +1300 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2023-03-03 01:07:36 +0000 |
commit | 262b40d83304d219c4ffb4eadebb8d51c02ba025 (patch) | |
tree | 5592ea8fdbb52050262c38af8f50ead35b7af19a /auth | |
parent | 1312b2d1699e544cff4f3f7dccd9a02a5bd295fa (diff) | |
download | samba-262b40d83304d219c4ffb4eadebb8d51c02ba025.tar.gz |
auth/credentials: Fix off-by-one buffer write
If p == pass + 127, assigning to '*++p' writes beyond the array.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'auth')
-rw-r--r-- | auth/credentials/credentials.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c index 67644e806e4..917b05a547a 100644 --- a/auth/credentials/credentials.c +++ b/auth/credentials/credentials.c @@ -1556,7 +1556,7 @@ _PUBLIC_ bool cli_credentials_parse_password_fd(struct cli_credentials *credenti char pass[128]; for(p = pass, *p = '\0'; /* ensure that pass is null-terminated */ - p && p - pass < sizeof(pass);) { + p && p - pass < sizeof(pass) - 1;) { switch (read(fd, p, 1)) { case 1: if (*p != '\n' && *p != '\0') { |