Commit cfee914f authored by Rob Swindell's avatar Rob Swindell 💬
Browse files

Fix crash in smb_addfile_withlist() when passed a non-NULL empty list

Don't allocate and memset a buffer of -1:
#1  0x0000559222bc167f in strListCombine (list=0x559224220720, buf=0x559224226550 "", maxlen=18446744073709551615,
    delimit=0x559222bcce0a "\r\n") at str_list.c:447
447             memset(buf, 0, maxlen);
(gdb) print maxlen
$1 = 18446744073709551615
(gdb) up
#2  0x0000559222ba3841 in smb_addfile_withlist (smb=0x7ffce63a7e90, file=0x7ffce63a5bc0, storage=1, extdesc=0x0,
    list=0x559224220720, path=0x7ffce63a6e80 "/xfer/loons/manhater.mp3") at smbfile.c:365
365                     strListCombine(list, content, size - 1, "\r\n");
(gdb) print list
$2 = (str_list_t) 0x559224220720
(gdb) print list[0]
$3 = 0x0

Found/reported by plt via irc. Thanks!
parent 024319d6
Pipeline #2156 passed with stage
in 10 minutes and 6 seconds
......@@ -357,7 +357,7 @@ int smb_addfile_withlist(smb_t* smb, smbfile_t* file, int storage, const char* e
char* content = NULL;
int result;
if(list != NULL) {
if(list != NULL && *list != NULL) {
size_t size = strListCount(list) * 1024;
content = calloc(1, size);
if(content == NULL)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment