2004 Jul 14
String overflow in safe_strcpy.
...===================================
> --- smbd/mangle_hash.c (revision 1298)
> +++ smbd/mangle_hash.c (working copy)
> @@ -546,8 +546,10 @@
> /* Fill the new cache entry, and add it to the cache. */
> s1 = (char *)(new_entry + 1);
> s2 = (char *)&(s1[mangled_len + 1]);
> - safe_strcpy( s1, mangled_name, mangled_len );
> - safe_strcpy( s2, raw_name, raw_len );
> + memcpy( s1, mangled_name, mangled_len );
> + s1[mangled_len] = '\0';
> + memcpy( s2, raw_name, raw_len );
> + s2[raw_len] = '\0';
>...
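Review bot: the two memcpy calls on the added lines rely on mangled_len and raw_len being both the exact string lengths of mangled_name and raw_name and the sizes the new_entry allocation was computed from, and nothing in this hunk checks or documents that. With s2 placed at s1[mangled_len + 1] and terminators written at s1[mangled_len] and s2[raw_len], the space after the struct has to be at least mangled_len + 1 + raw_len + 1 bytes. Unlike a string copy, memcpy does not stop at a NUL in the source, so a length larger than the real string would read past the end of mangled_name or raw_name. The allocation and the place where the two lengths are computed are outside the visible context, so please confirm they match, and consider extending the "Fill the new cache entry" comment to state the layout (struct, mangled name plus NUL, raw name plus NUL) so the size calculation and these copies stay in step.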