From 57849c31b9bc4b1ceb0dac63306481e7b50ab161 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 16 Jan 2010 13:31:44 +0100 Subject: [PATCH] s3: Fix a crash in libsmbclient used against the OpenSolaris CIFS server A user has sent me a sniff where the OpenSolaris CIFS server returns "32" in totalentries, but the array in ctr only contains 15 entries. Look at the right delimiter for walking the array. Fix bug #7046 (libsmbclient crash against OpenSolaris CIFS server). (cherry picked from commit 1d611028433db18e96d946b206a8eed1048f9b26) --- source/libsmb/libsmb_dir.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/libsmb/libsmb_dir.c b/source/libsmb/libsmb_dir.c index b370f4b9938..845ee5ef656 100644 --- a/source/libsmb/libsmb_dir.c +++ b/source/libsmb/libsmb_dir.c @@ -303,7 +303,7 @@ net_share_enum_rpc(struct cli_state *cli, } /* For each returned entry... */ - for (i = 0; i < total_entries; i++) { + for (i = 0; i < info_ctr.ctr.ctr1->count; i++) { /* pull out the share name */ fstrcpy(name, info_ctr.ctr.ctr1->array[i].name); -- 2.11.4.GIT